Windows Analysis Report
I6H1RkEHlX.exe

Overview

General Information

Sample name: I6H1RkEHlX.exe (renamed because original name is a hash value)
Original sample name: 75f46aa95a621f2353b7539cad97e52d52206faf3819fe574a9fe539b471f7fa.exe
Analysis ID: 1571332
MD5: abd3f9b48295537473af63572c5f91d3
SHA1: d676386a31327f0272f4713e7d1be1cbef7c0ce3
SHA256: 75f46aa95a621f2353b7539cad97e52d52206faf3819fe574a9fe539b471f7fa
Tags: busquedasxurl-comexeuser-JAMESWT_MHT

Detection

Python Stealer
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • I6H1RkEHlX.exe (PID: 6388 cmdline: "C:\Users\user\Desktop\I6H1RkEHlX.exe" MD5: ABD3F9B48295537473AF63572C5F91D3)
    • I6H1RkEHlX.exe (PID: 4712 cmdline: "C:\Users\user\Desktop\I6H1RkEHlX.exe" MD5: ABD3F9B48295537473AF63572C5F91D3)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: I6H1RkEHlX.exe PID: 4712 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: I6H1RkEHlX.exe, Avira: detected
    Source: I6H1RkEHlX.exe, ReversingLabs: Detection: 23%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.6% probability
    Source: I6H1RkEHlX.exe, Joe Sandbox ML: detected
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B1CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,2_2_00007FF8A82B1CEE
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B5C53 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,2_2_00007FF8A82B5C53
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B1F37 CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FF8A82B1F37
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82D5CF0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A82D5CF0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B19DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,2_2_00007FF8A82B19DD
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A8307CD0 CRYPTO_memcmp,2_2_00007FF8A8307CD0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B1F50 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FF8A82B1F50
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A8313D30 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FF8A8313D30
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B1CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A82B1CBC
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B15E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FF8A82B15E6
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82C5D80 CRYPTO_THREAD_run_once,2_2_00007FF8A82C5D80
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B1CE9 memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FF8A82B1CE9
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82D1E60 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,2_2_00007FF8A82D1E60
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B16A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FF8A82B16A4
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B3EB0 CRYPTO_free,2_2_00007FF8A82B3EB0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 2_2_00007FF8A82B5E80 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,2_2_00007FF8A82B5E80
    Source: I6H1RkEHlX.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043447097.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044232369.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040694672.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: ucrtbase.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3298169727.00007FF8A9355000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041753187.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040479676.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042467657.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043295378.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044310605.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: I6H1RkEHlX.exe, 00000002.00000002.3296790123.00007FF8A8729000.00000002.00000001.01000000.00000012.sdmp, libcrypto-3.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: I6H1RkEHlX.exe, 00000000.00000003.2038135577.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301774579.00007FF8BA253000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: I6H1RkEHlX.exe, 00000002.00000002.3298741675.00007FF8B27C0000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039376369.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040899724.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042602920.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2038334416.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300794454.00007FF8B8AF5000.00000002.00000001.01000000.0000001F.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042317637.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042813624.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3298741675.00007FF8B27C0000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3301546534.00007FF8B93D1000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040549976.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039152472.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300049745.00007FF8B7837000.00000002.00000001.01000000.00000017.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3299292604.00007FF8B5721000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041970513.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040338698.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2038429055.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300362249.00007FF8B7DF8000.00000002.00000001.01000000.00000014.sdmp, _asyncio.pyd.0.dr
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040617631.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042735156.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3300160001.00007FF8B78B2000.00000002.00000001.01000000.00000016.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039256155.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301020489.00007FF8B8B3C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2038565002.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301439148.00007FF8B8F8D000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042105282.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: ucrtbase.pdbUGP source: I6H1RkEHlX.exe, 00000002.00000002.3298169727.00007FF8A9355000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039881329.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300907587.00007FF8B8B09000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: I6H1RkEHlX.exe, 00000000.00000003.2038334416.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300794454.00007FF8B8AF5000.00000002.00000001.01000000.0000001F.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044476371.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3297305284.00007FF8A8C84000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2064975477.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3295949341.00007FF8A829F000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040832491.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: I6H1RkEHlX.exe, 00000002.00000002.3296790123.00007FF8A87C1000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: I6H1RkEHlX.exe, 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042395009.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041896004.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039703775.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301236482.00007FF8B8CB6000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040411411.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042665901.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2038135577.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301774579.00007FF8BA253000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043524542.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041678944.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3296790123.00007FF8A87C1000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042037175.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2063584059.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301666637.00007FF8B9843000.00000002.00000001.01000000.0000000E.sdmp, select.pyd.0.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041822891.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044563358.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042179721.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042537214.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042248287.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040764664.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: I6H1RkEHlX.exe, 00000000.00000003.2039256155.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301020489.00007FF8B8B3C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043816935.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041598534.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: I6H1RkEHlX.exe, 00000002.00000002.3299292604.00007FF8B5721000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039804947.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301338845.00007FF8B8F73000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040267808.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301877473.00007FF8BA4F4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041524977.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: I6H1RkEHlX.exe, 00000000.00000003.2040267808.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301877473.00007FF8BA4F4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3299658950.00007FF8B604F000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2061355843.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283312344.0000026FBF790000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043368314.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044390005.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3300462606.00007FF8B7E1D000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 0_2_00007FF6B3BC88D0 FindFirstFileExW,FindClose,0_2_00007FF6B3BC88D0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 0_2_00007FF6B3BD7E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6B3BD7E4C
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 0_2_00007FF6B3BE1EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6B3BE1EE4
    Source: Joe Sandbox View IP Address: 44.196.3.45 44.196.3.45
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: httpbin.org
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284957819.0000026FC21E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://aka.ms/vcpython27
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC273C000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26E9000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D8A000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1CE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
    Source: I6H1RkEHlX.exe, 00000000.00000003.2063817972.0000016EC0147000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssured
I6H1RkEHlX.exe, 00000000.00000003.2038992271.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2061355843.0000016EC0147000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285176380.0000026FC2450000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D8A000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1C86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/.m
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1C86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/p
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26E9000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC2766000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286447601.0000026FC31D0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3286243981.0000026FC30E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl~Z
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htmfc
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285091086.0000026FC2350000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26A2000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/X
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
    Source: I6H1RkEHlX.exe, 00000000.00000003.2038565002.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2060284856.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2039996319.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2060505812.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2038429055.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2063584059.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2064975477.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2058912076.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2040267808.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2063817972.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2040140318.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2039703775.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2039256155.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2039376369.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2039152472.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2039804947.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2061153112.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2039881329.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2062033407.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, 
I6H1RkEHlX.exe, 00000000.00000003.2038992271.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2061355843.0000016EC0147000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC289B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D8A000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1CE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/botz
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284712590.0000026FC1EC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284204867.0000026FC19C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=yy
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286243981.0000026FC30E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/recibidor.php
    Source: I6H1RkEHlX.exe, 00000002.00000002.3298380522.00007FF8B054D000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
    Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284796894.0000026FC1FC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3286077171.0000026FC2E70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283340446.0000026FBF82B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/1659
    Source: I6H1RkEHlX.exe, 00000002.00000002.3287796343.0000026FC33F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284796894.0000026FC1FC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
    Source: I6H1RkEHlX.exe, 00000000.00000003.2063453461.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2065504756.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2065348519.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3298785131.00007FF8B27D1000.00000002.00000001.01000000.0000001E.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3299334649.00007FF8B572E000.00000002.00000001.01000000.0000001D.sdmp, win32api.pyd.0.dr, pywintypes312.dll.0.drString found in binary or memory: https://github.com/mhammond/pywin32
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
    Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
    Source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286077171.0000026FC2E70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284712590.0000026FC1EC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284037754.0000026FC17C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283509607.0000026FC118C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283340446.0000026FBF82B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283340446.0000026FBF82B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
    Source: I6H1RkEHlX.exe, 00000002.00000003.2073556064.0000026FC16DD000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000003.2073991260.0000026FC16DD000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000003.2072661261.0000026FC1725000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284712590.0000026FC1EC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283340446.0000026FBF82B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286077171.0000026FC2E70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26E9000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283659667.0000026FC12D2000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1CE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1CE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1C86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283659667.0000026FC12D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286243981.0000026FC30E0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC2759000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
    Source: I6H1RkEHlX.exe, 00000002.00000002.3287796343.0000026FC348C000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284204867.0000026FC19C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC2766000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284874977.0000026FC20D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284957819.0000026FC21E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
    Source: I6H1RkEHlX.exe, 00000002.00000003.2076063135.0000026FC1C86000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1C86000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284874977.0000026FC20D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284712590.0000026FC1EC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284204867.0000026FC19C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284122354.0000026FC18C0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000003.2072661261.0000026FC1725000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3297305284.00007FF8A8C84000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284957819.0000026FC21E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284796894.0000026FC1FC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284874977.0000026FC20D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
    Source: I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284796894.0000026FC1FC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3286077171.0000026FC2E70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3286243981.0000026FC30E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286243981.0000026FC30E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.ioxe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284874977.0000026FC20D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#r$Nrjr
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3287796343.0000026FC33F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC273C000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1C86000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26E9000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283659667.0000026FC12D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284712590.0000026FC1EC0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://upload.pypi.org/legacy/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyP
    Source: I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D57000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
    Source: I6H1RkEHlX.exe, 00000000.00000003.2045892525.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.dr String found in binary or memory: https://www.apache.org/licenses/
    Source: I6H1RkEHlX.exe, 00000000.00000003.2045892525.0000016EC0155000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2046066505.0000016EC0155000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000000.00000003.2045892525.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.dr String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC273C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
    Source: I6H1RkEHlX.exe, 00000000.00000003.2060505812.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3297044136.00007FF8A886A000.00000002.00000001.01000000.00000012.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp String found in binary or memory: https://www.openssl.org/H
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC2766000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/
    Source: I6H1RkEHlX.exe, 00000002.00000003.2068226450.0000026FC1316000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283509607.0000026FC1110000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.dr String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
    Source: I6H1RkEHlX.exe, 00000002.00000002.3297656172.00007FF8A8DFC000.00000008.00000001.01000000.00000005.sdmp String found in binary or memory: https://www.python.org/psf/license/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3297305284.00007FF8A8C84000.00000002.00000001.01000000.00000005.sdmp String found in binary or memory: https://www.python.org/psf/license/)
    Source: I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
    Source: I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1CE5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://yahoo.com/
    Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
    Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: python3.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042037175.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2044310605.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2038565002.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040338698.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2064520892.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042602920.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2063453461.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepywintypes312.dll0 vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2039996319.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042179721.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042395009.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2065504756.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32crypt.pyd0 vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2041970513.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042248287.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2043368314.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2038135577.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2060505812.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2038429055.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2063584059.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2064975477.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2044232369.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040832491.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2043524542.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042105282.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2043295378.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042317637.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040267808.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040617631.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040764664.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2043447097.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2063817972.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesqlite3.dll0 vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2041822891.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040140318.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2044563358.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2039703775.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2041896004.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042537214.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040899724.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040694672.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040479676.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040549976.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042467657.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042665901.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2044390005.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042735156.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2041753187.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2044476371.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2039256155.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2043816935.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2042813624.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2039376369.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2065348519.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2039152472.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2039804947.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2041524977.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2061153112.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2039881329.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2038334416.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2038992271.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2041678944.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2040411411.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2061355843.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2041598534.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameapisetstubj% vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000000.00000003.2038836352.0000016EC0147000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exeBinary or memory string: OriginalFilename vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3300091247.00007FF8B783E000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3297044136.00007FF8A886A000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3301085694.00007FF8B8B45000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3296159053.00007FF8A82A4000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3301376466.00007FF8B8F76000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3300556841.00007FF8B7E39000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283312344.0000026FBF790000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3295886280.00007FF8A817F000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: OriginalFilenamesqlite3.dll0 vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3301817382.00007FF8BA259000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3301276552.00007FF8B8CBB000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3298785131.00007FF8B27D1000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: OriginalFilenamepywintypes312.dll0 vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3300202226.00007FF8B78BD000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilenamelibsslH vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3301710045.00007FF8B9846000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3301917415.00007FF8BA4F7000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3301480542.00007FF8B8F92000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3299700553.00007FF8B605B000.00000002.00000001.01000000.0000001B.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3300950060.00007FF8B8B13000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3301585903.00007FF8B93DE000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3297970970.00007FF8A8F25000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamepython312.dll. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3299334649.00007FF8B572E000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: OriginalFilenamewin32crypt.pyd0 vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3300838055.00007FF8B8AF9000.00000002.00000001.01000000.0000001F.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3300400923.00007FF8B7DFF000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs I6H1RkEHlX.exe
    Source: I6H1RkEHlX.exe, 00000002.00000002.3298223103.00007FF8A9392000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenameucrtbase.dllj% vs I6H1RkEHlX.exe
    Source: classification engine Classification label: mal68.troj.winEXE@3/122@1/1
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BC8560 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF6B3BC8560
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe File created: C:\Users\user\AppData\Local\Temp\_MEI63882
    Source: I6H1RkEHlX.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: I6H1RkEHlX.exe, 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: I6H1RkEHlX.exe, 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
    Source: I6H1RkEHlX.exe, 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
    Source: I6H1RkEHlX.exe, 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
    Source: I6H1RkEHlX.exe, I6H1RkEHlX.exe, 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
    Source: I6H1RkEHlX.exe, 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
    Source: I6H1RkEHlX.exe, 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
    Source: I6H1RkEHlX.exe ReversingLabs: Detection: 23%
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe File read: C:\Users\user\Desktop\I6H1RkEHlX.exe
    Source: unknown Process created: C:\Users\user\Desktop\I6H1RkEHlX.exe "C:\Users\user\Desktop\I6H1RkEHlX.exe"
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Process created: C:\Users\user\Desktop\I6H1RkEHlX.exe "C:\Users\user\Desktop\I6H1RkEHlX.exe"
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Process created: C:\Users\user\Desktop\I6H1RkEHlX.exe "C:\Users\user\Desktop\I6H1RkEHlX.exe"
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: vcruntime140.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: libffi-8.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: propsys.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: amsi.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: wbemcomn.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: libcrypto-3.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: libssl-3.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: sqlite3.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: pywintypes312.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: vcruntime140_1.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: vcruntime140_1.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: powrprof.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: pdh.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: umpdc.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: wtsapi32.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: textshaping.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: textinputframework.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: coreuicomponents.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: coremessaging.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: ntmarta.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Section loaded: wintypes.dll
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
    Source: I6H1RkEHlX.exe Static PE information: Image base 0x140000000 > 0x60000000
    Source: I6H1RkEHlX.exe Static file information: File size 17569542 > 1048576
    Source: I6H1RkEHlX.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: I6H1RkEHlX.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: I6H1RkEHlX.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: I6H1RkEHlX.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: I6H1RkEHlX.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: I6H1RkEHlX.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: I6H1RkEHlX.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: I6H1RkEHlX.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043447097.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044232369.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040694672.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: ucrtbase.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3298169727.00007FF8A9355000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041753187.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040479676.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042467657.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043295378.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044310605.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: I6H1RkEHlX.exe, 00000002.00000002.3296790123.00007FF8A8729000.00000002.00000001.01000000.00000012.sdmp, libcrypto-3.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: I6H1RkEHlX.exe, 00000000.00000003.2038135577.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301774579.00007FF8BA253000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: I6H1RkEHlX.exe, 00000002.00000002.3298741675.00007FF8B27C0000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039376369.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040899724.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042602920.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2038334416.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300794454.00007FF8B8AF5000.00000002.00000001.01000000.0000001F.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042317637.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042813624.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3298741675.00007FF8B27C0000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3301546534.00007FF8B93D1000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040549976.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039152472.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300049745.00007FF8B7837000.00000002.00000001.01000000.00000017.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3299292604.00007FF8B5721000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041970513.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040338698.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2038429055.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300362249.00007FF8B7DF8000.00000002.00000001.01000000.00000014.sdmp, _asyncio.pyd.0.dr
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040617631.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042735156.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3300160001.00007FF8B78B2000.00000002.00000001.01000000.00000016.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039256155.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301020489.00007FF8B8B3C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2038565002.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301439148.00007FF8B8F8D000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042105282.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: ucrtbase.pdbUGP source: I6H1RkEHlX.exe, 00000002.00000002.3298169727.00007FF8A9355000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039881329.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300907587.00007FF8B8B09000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: I6H1RkEHlX.exe, 00000000.00000003.2038334416.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3300794454.00007FF8B8AF5000.00000002.00000001.01000000.0000001F.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044476371.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3297305284.00007FF8A8C84000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2064975477.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3295949341.00007FF8A829F000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040832491.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: I6H1RkEHlX.exe, 00000002.00000002.3296790123.00007FF8A87C1000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: I6H1RkEHlX.exe, 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042395009.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041896004.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039703775.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301236482.00007FF8B8CB6000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040411411.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042665901.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2038135577.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301774579.00007FF8BA253000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043524542.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041678944.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3296790123.00007FF8A87C1000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042037175.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2063584059.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301666637.00007FF8B9843000.00000002.00000001.01000000.0000000E.sdmp, select.pyd.0.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041822891.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044563358.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042179721.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042537214.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2042248287.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040764664.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: I6H1RkEHlX.exe, 00000000.00000003.2039256155.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301020489.00007FF8B8B3C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043816935.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041598534.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: I6H1RkEHlX.exe, 00000002.00000002.3299292604.00007FF8B5721000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2039804947.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301338845.00007FF8B8F73000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2040267808.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301877473.00007FF8BA4F4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2041524977.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: I6H1RkEHlX.exe, 00000000.00000003.2040267808.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3301877473.00007FF8BA4F4000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3299658950.00007FF8B604F000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2061355843.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283312344.0000026FBF790000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2043368314.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: I6H1RkEHlX.exe, 00000000.00000003.2044390005.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: I6H1RkEHlX.exe, 00000002.00000002.3300462606.00007FF8B7E1D000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
    Source: I6H1RkEHlX.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: I6H1RkEHlX.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: I6H1RkEHlX.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: I6H1RkEHlX.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: I6H1RkEHlX.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: 0xA8F275DA [Mon Oct 27 06:36:10 2059 UTC]
    Source: I6H1RkEHlX.exe Static PE information: section name: _RDATA
    Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
    Source: python312.dll.0.dr Static PE information: section name: PyRuntim
    Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
    Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
    Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3C05004 push rsp; retf 0_2_00007FF6B3C05005
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 2_2_00007FF8A806161E push rdx; iretd 2_2_00007FF8A8061621
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeCode function: 0_2_00007FF6B3BC51E0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF6B3BC51E0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography\hazmat\bindings\_rust.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-file-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-console-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_x25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-util-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD5.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-file-l2-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-16321
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe API coverage: 0.4 %
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BC88D0 FindFirstFileExW,FindClose,0_2_00007FF6B3BC88D0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BD7E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF6B3BD7E4C
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BE1EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6B3BE1EE4
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 2_2_00007FF8A8031490 GetSystemInfo,2_2_00007FF8A8031490
    Source: I6H1RkEHlX.exe, 00000000.00000003.2045106078.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
    Source: I6H1RkEHlX.exe, 00000002.00000002.3283659667.0000026FC1283000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWo
    Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BDABD8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6B3BDABD8
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BE3AF0 GetProcessHeap,0_2_00007FF6B3BE3AF0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BCBCE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF6B3BCBCE0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BCC760 SetUnhandledExceptionFilter,0_2_00007FF6B3BCC760
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BCC57C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF6B3BCC57C
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 2_2_00007FF8A814ABE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A814ABE0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 2_2_00007FF8A8192AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A8192AA0
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 2_2_00007FF8A8193068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8193068
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Process created: C:\Users\user\Desktop\I6H1RkEHlX.exe "C:\Users\user\Desktop\I6H1RkEHlX.exe"
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BE9E40 cpuid 0_2_00007FF6B3BE9E40
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\certifi VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\cryptography-41.0.7.dist-info VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\win32 VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\ucrtbase.dll VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\Desktop\I6H1RkEHlX.exe VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_ctypes.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\Desktop\I6H1RkEHlX.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\Desktop\I6H1RkEHlX.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\Desktop\I6H1RkEHlX.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\Desktop\I6H1RkEHlX.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\Desktop\I6H1RkEHlX.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exeQueries volume information: C:\Users\user\Desktop\I6H1RkEHlX.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882 VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_bz2.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_lzma.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\win32 VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\pywin32_system32 VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_wmi.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_socket.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_queue.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_ssl.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_asyncio.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\_overlapped.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\pyexpat.pyd VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\win32 VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI63882\pywin32_system32 VolumeInformation
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BCC460 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6B3BCC460
    Source: C:\Users\user\Desktop\I6H1RkEHlX.exe Code function: 0_2_00007FF6B3BE6370 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6B3BE6370

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: I6H1RkEHlX.exe PID: 4712, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: I6H1RkEHlX.exe PID: 4712, type: MEMORYSTR
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 24 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    Source | Detection | Scanner | Label | Link
    I6H1RkEHlX.exe | 24% | ReversingLabs | Win32.Ransomware.PythonStealer
    I6H1RkEHlX.exe | 100% | Avira | TR/PSW.Agent.yhuiu
    I6H1RkEHlX.exe | 100% | Joe Sandbox ML
    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_Salsa20.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_chacha20.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2b.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Math\_modexp.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\PublicKey\_x25519.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Util\_strxor.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\VCRUNTIME140.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\VCRUNTIME140_1.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_asyncio.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_bz2.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_cffi_backend.cp312-win_amd64.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_ctypes.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_decimal.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_hashlib.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_lzma.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_multiprocessing.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_overlapped.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_queue.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_socket.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_sqlite3.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_ssl.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\_wmi.pyd | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs
    C:\Users\user\AppData\Local\Temp\_MEI63882\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr#r$Nrjr | 0% | Avira URL Cloud | safe
    https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr# | 0% | Avira URL Cloud | safe
    https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip= | 0% | Avira URL Cloud | safe
    https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyP | 0% | Avira URL Cloud | safe
    https://cffi.readthedocs.io/en/latest/using.html#callbacks | 0% | Avira URL Cloud | safe
    http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html | 0% | Avira URL Cloud | safe
    http://ocsp.accv.esXt | 0% | Avira URL Cloud | safe
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    httpbin.org | 44.196.3.45 | true | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                              high
                                                                              https://wwww.certigna.fr/autorites/0mI6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerI6H1RkEHlX.exe, 00000002.00000002.3283340446.0000026FBF82B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://foo/bar.tgzI6H1RkEHlX.exe, 00000002.00000002.3284796894.0000026FC1FC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://github.com/python/cpython/issues/86361.I6H1RkEHlX.exe, 00000002.00000003.2073556064.0000026FC16DD000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000003.2073991260.0000026FC16DD000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000003.2072661261.0000026FC1725000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://crl.xrampsecurity.com/XGCA.crl3I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://mail.python.org/pipermail/python-dev/2012-June/120787.html.I6H1RkEHlX.exe, 00000002.00000002.3286447601.0000026FC3298000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://httpbin.org/I6H1RkEHlX.exe, 00000002.00000002.3283659667.0000026FC12D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://www.apache.org/licenses/I6H1RkEHlX.exe, 00000000.00000003.2045892525.0000016EC0147000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                                                                                              high
                                                                                              https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainI6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                high
                                                                                                https://wwww.certigna.fr/autorites/I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://repository.swisssign.com/pI6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1C86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-fileI6H1RkEHlX.exe, 00000002.00000002.3294836632.00007FF8A7E83000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                      high
                                                                                                      https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gzI6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
                                                                                                        https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.I6H1RkEHlX.exe, 00000002.00000002.3284874977.0000026FC20D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://cryptography.io/en/latest/installation/I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                              high
                                                                                                              https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syI6H1RkEHlX.exe, 00000002.00000002.3283340446.0000026FBF82B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.python.org/psf/license/I6H1RkEHlX.exe, 00000002.00000002.3297656172.00007FF8A8DFC000.00000008.00000001.01000000.00000005.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.accv.es/legislacion_c.htmfcI6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://docs.python.org/3/library/multiprocessing.htmlI6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D8A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://github.com/pypa/setuptools/issues/417#issuecomment-392298401I6H1RkEHlX.exe, 00000002.00000002.3284037754.0000026FC17C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://crl.securetrust.com/STCA.crlI6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyPI6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          http://wwwsearch.sf.net/):I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D8A000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1CE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.accv.es/legislacion_c.htmI6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://tools.ietf.org/html/rfc6125#section-6.4.3I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://cryptography.io/en/latest/security/I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://cffi.readthedocs.io/en/latest/using.html#callbacksI6H1RkEHlX.exe, 00000002.00000002.3298380522.00007FF8B054D000.00000002.00000001.01000000.00000021.sdmpfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://crl.xrampsecurity.com/XGCA.crl0I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://bugs.python.org/issue44497.I6H1RkEHlX.exe, 00000002.00000002.3284712590.0000026FC1EC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284204867.0000026FC19C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.cert.fnmt.es/dpcs/I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26A2000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://google.com/mailI6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1CE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://packaging.python.org/specifications/entry-points/I6H1RkEHlX.exe, 00000002.00000002.3284712590.0000026FC1EC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284204867.0000026FC19C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://crl.securetrust.com/STCA.crlYI6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://github.com/jaraco/jaraco.functools/issues/5I6H1RkEHlX.exe, 00000002.00000002.3284796894.0000026FC1FC0000.00000004.00001000.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285261506.0000026FC2560000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.accv.es00I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.python.org/psf/license/)I6H1RkEHlX.exe, 00000002.00000002.3297305284.00007FF8A8C84000.00000002.00000001.01000000.00000005.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyI6H1RkEHlX.exe, 00000002.00000002.3283340446.0000026FBF82B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.rfc-editor.org/info/rfc7253I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdfI6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC273C000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://readthedocs.org/projects/cryptography/badge/?version=latestI6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://foss.heptapod.net/pypy/pypy/-/issues/3539I6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://google.com/I6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://mahler:8092/site-updates.pyI6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC2766000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://crl.securetrust.com/SGCA.crlI6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC28D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://.../back.jpegI6H1RkEHlX.exe, 00000002.00000002.3286161341.0000026FC2F70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://tools.ietf.org/html/rfc7231#section-4.3.6)I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1C86000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://tools.ietf.org/html/rfc5869I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://github.com/pyca/cryptographyI6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://www.python.org/download/releases/2.3/mro/.I6H1RkEHlX.exe, 00000002.00000003.2068226450.0000026FC1316000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283509607.0000026FC1110000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.htmlI6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC27CD000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC273C000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26E9000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1D8A000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3283873256.0000026FC15C0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1CE5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                    unknown
                                                                                                                                                                                    https://cryptography.io/METADATA.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://httpbin.org/postI6H1RkEHlX.exe, 00000002.00000002.3284660664.0000026FC1E3B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://github.com/pyca/cryptography/I6H1RkEHlX.exe, 00000000.00000003.2047320534.0000016EC014A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://github.com/Ousret/charset_normalizerI6H1RkEHlX.exe, 00000002.00000002.3285426978.0000026FC26E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://www.firmaprofesional.com/cps0I6H1RkEHlX.exe, 00000002.00000002.3284296366.0000026FC1AC0000.00000004.00000020.00020000.00000000.sdmp, I6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC289B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://github.com/urllib3/urllib3/issues/2920I6H1RkEHlX.exe, 00000002.00000002.3286077171.0000026FC2E70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://ocsp.accv.esXtI6H1RkEHlX.exe, 00000002.00000002.3285639560.0000026FC291E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                                unknown
IP | Domain | Country | ASN | ASN Name | Malicious
44.196.3.45 | httpbin.org | United States | 14618 | AMAZON-AESUS | false
                                                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                Analysis ID:1571332
                                                                                                                                                                                                Start date and time:2024-12-09 09:53:46 +01:00
                                                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                                                Overall analysis duration:0h 8m 50s
                                                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                                                Report type:full
                                                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                Number of analysed new started processes analysed:5
                                                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                                                Technologies:
                                                                                                                                                                                                • HCA enabled
                                                                                                                                                                                                • EGA enabled
                                                                                                                                                                                                • AMSI enabled
                                                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                                                Sample name:I6H1RkEHlX.exe
                                                                                                                                                                                                renamed because original name is a hash value
                                                                                                                                                                                                Original Sample Name:75f46aa95a621f2353b7539cad97e52d52206faf3819fe574a9fe539b471f7fa.exe
                                                                                                                                                                                                Detection:MAL
                                                                                                                                                                                                Classification:mal68.troj.winEXE@3/122@1/1
                                                                                                                                                                                                EGA Information:
                                                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                                                HCA Information:
                                                                                                                                                                                                • Successful, ratio: 96%
                                                                                                                                                                                                • Number of executed functions: 47
                                                                                                                                                                                                • Number of non-executed functions: 320
                                                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                • VT rate limit hit for: I6H1RkEHlX.exe
                                                                                                                                                                                                No simulations
Match: 44.196.3.45
Associated Sample Name / URL | Detection | Threat Name
hKgrI6tqYx.exe | malicious | Python Stealer, Babadeda
L5cZ63IH4a.exe | malicious | Python Stealer
478y7Ve1JG.exe | malicious | Python Stealer
eEiHdLSfum.exe | malicious | Unknown
eEiHdLSfum.exe | malicious | Unknown
maniatelo.exe | malicious | Python Stealer
file.exe | malicious | Unknown
file.exe | malicious | Clipboard Hijacker, Cryptbot
file.exe | malicious | Clipboard Hijacker, Cryptbot
file.exe | malicious | Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar
Match: httpbin.org
Associated Sample Name / URL | Detection | Threat Name | Context
hKgrI6tqYx.exe | malicious | Python Stealer, Babadeda | 44.196.3.45
L5cZ63IH4a.exe | malicious | Python Stealer | 44.196.3.45
478y7Ve1JG.exe | malicious | Python Stealer | 44.196.3.45
11lbKZLNnQ.exe | malicious | Python Stealer | 34.224.200.202
r2PcRF79Mo.exe | malicious | Python Stealer | 34.224.200.202
eEiHdLSfum.exe | malicious | Unknown | 34.224.200.202
eEiHdLSfum.exe | malicious | Unknown | 44.196.3.45
maniatelo.exe | malicious | Python Stealer | 44.196.3.45
nsh99t9Dox.exe | malicious | Clipboard Hijacker, Cryptbot | 34.224.200.202
file.exe | malicious | Unknown | 34.224.200.202
Match: AMAZON-AESUS
Associated Sample Name / URL | Detection | Threat Name | Context
hKgrI6tqYx.exe | malicious | Python Stealer, Babadeda | 44.196.3.45
L5cZ63IH4a.exe | malicious | Python Stealer | 44.196.3.45
478y7Ve1JG.exe | malicious | Python Stealer | 44.196.3.45
11lbKZLNnQ.exe | malicious | Python Stealer | 34.224.200.202
r2PcRF79Mo.exe | malicious | Python Stealer | 34.224.200.202
eEiHdLSfum.exe | malicious | Unknown | 44.196.3.45
eEiHdLSfum.exe | malicious | Unknown | 44.196.3.45
maniatelo.exe | malicious | Python Stealer | 44.196.3.45
Msig Insurance Europe.pdf | malicious | Unknown | 52.22.41.97
qhjKN40R2Q.lnk | malicious | Unknown | 52.22.41.97
                                                                                                                                                                                                                    No context
Match: C:\Users\user\AppData\Local\Temp\_MEI63882\Crypto\Cipher\_ARC4.pyd
Associated Sample Name / URL | Detection | Threat Name
hKgrI6tqYx.exe | malicious | Python Stealer, Babadeda
33sKdwH6im.exe | malicious | Python Stealer
r2PcRF79Mo.exe | malicious | Python Stealer
KkgQY27Qqn.exe | malicious | Unknown
back.ps1 | malicious | Unknown
ChromeComboPack.exe | malicious | Python Stealer
speedymaqing.exe | malicious | Python Stealer, Discord Token Stealer
file.exe | malicious | CStealer
BB.bat | malicious | Braodo
ipEJStVxOo.exe | malicious | Unknown
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11264
                                                                                                                                                                                                                                        Entropy (8bit):4.703513333396807
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:nDzb9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDV90OcX6gY/7ECFV:Dzz9damqTrpYTst0E5DVPcqgY/79X
                                                                                                                                                                                                                                        MD5:6176101B7C377A32C01AE3EDB7FD4DE6
                                                                                                                                                                                                                                        SHA1:5F1CB443F9D677F313BEC07C5241AEAB57502F5E
                                                                                                                                                                                                                                        SHA-256:EFEA361311923189ECBE3240111EFBA329752D30457E0DBE9628A82905CD4BDB
                                                                                                                                                                                                                                        SHA-512:3E7373B71AE0834E96A99595CFEF2E96C0F5230429ADC0B5512F4089D1ED0D7F7F0E32A40584DFB13C41D257712A9C4E9722366F0A21B907798AE79D8CEDCF30
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                                        • Filename: hKgrI6tqYx.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: 33sKdwH6im.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: r2PcRF79Mo.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: KkgQY27Qqn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: back.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: ChromeComboPack.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: speedymaqing.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: BB.bat, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: ipEJStVxOo.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                                                        Entropy (8bit):4.968452734961967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:JF3TgNlF/1Nt5aSd4+1ijg0NLfFNJSCqsstXHTeH5ht47qMbxbfDqbwYH/kcX6gT:WF/1nb2mhQtkXHTeZ87VDqrMcqgYvEp
                                                                                                                                                                                                                                        MD5:371776A7E26BAEB3F75C93A8364C9AE0
                                                                                                                                                                                                                                        SHA1:BF60B2177171BA1C6B4351E6178529D4B082BDA9
                                                                                                                                                                                                                                        SHA-256:15257E96D1CA8480B8CB98F4C79B6E365FE38A1BA9638FC8C9AB7FFEA79C4762
                                                                                                                                                                                                                                        SHA-512:C23548FBCD1713C4D8348917FF2AB623C404FB0E9566AB93D147C62E06F51E63BDAA347F2D203FE4F046CE49943B38E3E9FA1433F6455C97379F2BC641AE7CE9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):5.061461040216793
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ldF/1nb2mhQtkXn0t/WS60YYDEiqvdvGyv9lkVcqgYvEMo:v2f6XSZ6XYD6vdvGyv9MgYvEMo
                                                                                                                                                                                                                                        MD5:CB5238E2D4149636377F9A1E2AF6DC57
                                                                                                                                                                                                                                        SHA1:038253BABC9E652BA4A20116886209E2BCCF35AC
                                                                                                                                                                                                                                        SHA-256:A8D3BB9CD6A78EBDB4F18693E68B659080D08CB537F9630D279EC9F26772EFC7
                                                                                                                                                                                                                                        SHA-512:B1E6AB509CF1E5ECC6A60455D6900A76514F8DF43F3ABC3B8D36AF59A3DF8A868B489ED0B145D0D799AAC8672CBF5827C503F383D3F38069ABF6056ECCD87B21
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):5.236167046748013
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:/siHXqpoUol3xZhRyQX5lDnRDFYav+tcqgRvE:h6D+XBDgDgRvE
                                                                                                                                                                                                                                        MD5:D9E7218460AEE693BEA07DA7C2B40177
                                                                                                                                                                                                                                        SHA1:9264D749748D8C98D35B27BEFE6247DA23FF103D
                                                                                                                                                                                                                                        SHA-256:38E423D3BCC32EE6730941B19B7D5D8872C0D30D3DD8F9AAE1442CB052C599AD
                                                                                                                                                                                                                                        SHA-512:DDB579E2DEA9D266254C0D9E23038274D9AE33F0756419FD53EC6DC1A27D1540828EE8F4AD421A5CFFD9B805F1A68F26E70BDC1BAB69834E8ACD6D7BB7BDB0DB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36352
                                                                                                                                                                                                                                        Entropy (8bit):6.558176937399355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Dz2P+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuCLg46:DzeqWB7YJlmLJ3oD/S4j990th9VCsC
                                                                                                                                                                                                                                        MD5:F751792DF10CDEED391D361E82DAF596
                                                                                                                                                                                                                                        SHA1:3440738AF3C88A4255506B55A673398838B4CEAC
                                                                                                                                                                                                                                        SHA-256:9524D1DADCD2F2B0190C1B8EDE8E5199706F3D6C19D3FB005809ED4FEBF3E8B5
                                                                                                                                                                                                                                        SHA-512:6159F245418AB7AD897B02F1AADF1079608E533B9C75006EFAF24717917EAA159846EE5DFC0E85C6CFF8810319EFECBA80C1D51D1F115F00EC1AFF253E312C00
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15872
                                                                                                                                                                                                                                        Entropy (8bit):5.285191078037458
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:wJBjJHEkEPYi3Xd+dc26E4++yuqAyXW9wifD4jqccqgwYUMvEW:ikRwi3wO26Ef+yuIm9PfD7wgwYUMvE
                                                                                                                                                                                                                                        MD5:BBEA5FFAE18BF0B5679D5C5BCD762D5A
                                                                                                                                                                                                                                        SHA1:D7C2721795113370377A1C60E5CEF393473F0CC5
                                                                                                                                                                                                                                        SHA-256:1F4288A098DA3AAC2ADD54E83C8C9F2041EC895263F20576417A92E1E5B421C1
                                                                                                                                                                                                                                        SHA-512:0932EC5E69696D6DD559C30C19FC5A481BEFA38539013B9541D84499F2B6834A2FFE64A1008A1724E456FF15DDA6268B7B0AD8BA14918E2333567277B3716CC4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                        Entropy (8bit):5.505471888568532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vd9VkyQ5f8vjVaCHpKpTTjaNe7oca2DW3Q2dhmdcqgwNeecBih:JkP5cjIGpKlqD2D4kzgwNeE
                                                                                                                                                                                                                                        MD5:D2175300E065347D13211F5BF7581602
                                                                                                                                                                                                                                        SHA1:3AE92C0B0ECDA1F6B240096A4E68D16D3DB1FFB0
                                                                                                                                                                                                                                        SHA-256:94556934E3F9EE73C77552D2F3FC369C02D62A4C9E7143E472F8E3EE8C00AEE1
                                                                                                                                                                                                                                        SHA-512:6156D744800206A431DEE418A1C561FFB45D726DC75467A91D26EE98503B280C6595CDEA02BDA6A023235BD010835EA1FC9CB843E9FEC3501980B47B6B490AF7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.06124024160806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bUv5cJMOZA0nmwBD+XpJgLa0Mp8Qpg4P2llyM:0K1XBD+DgLa1yTi
                                                                                                                                                                                                                                        MD5:45616B10ABE82D5BB18B9C3AB446E113
                                                                                                                                                                                                                                        SHA1:91B2C0B0F690AE3ABFD9B0B92A9EA6167049B818
                                                                                                                                                                                                                                        SHA-256:F348DB1843B8F38A23AEE09DD52FB50D3771361C0D529C9C9E142A251CC1D1EC
                                                                                                                                                                                                                                        SHA-512:ACEA8C1A3A1FA19034FD913C8BE93D5E273B7719D76CB71C36F510042918EA1D9B44AC84D849570F9508D635B4829D3E10C36A461EC63825BA178F5AC1DE85FB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25088
                                                                                                                                                                                                                                        Entropy (8bit):6.475467273446457
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:oc6HLZiMDFuGu+XHZXmrfXA+UA10ol31tuXy4IYgLWi:B6H1TZXX5XmrXA+NNxWiFdLWi
                                                                                                                                                                                                                                        MD5:CF3C2F35C37AA066FA06113839C8A857
                                                                                                                                                                                                                                        SHA1:39F3B0AEFB771D871A93681B780DA3BD85A6EDD0
                                                                                                                                                                                                                                        SHA-256:1261783F8881642C3466B96FA5879A492EA9E0DAB41284ED9E4A82E8BCF00C80
                                                                                                                                                                                                                                        SHA-512:1C36B80AAE49FD5E826E95D83297AE153FDB2BC652A47D853DF31449E99D5C29F42ED82671E2996AF60DCFB862EC5536BB0A68635D4E33D33F8901711C0C8BE6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.838534302892255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:0F/1nb2mhQtkr+juOxKbDbnHcqgYvEkrK:u2f6iuOsbDtgYvEmK
                                                                                                                                                                                                                                        MD5:20708935FDD89B3EDDEEA27D4D0EA52A
                                                                                                                                                                                                                                        SHA1:85A9FE2C7C5D97FD02B47327E431D88A1DC865F7
                                                                                                                                                                                                                                        SHA-256:11DD1B49F70DB23617E84E08E709D4A9C86759D911A24EBDDFB91C414CC7F375
                                                                                                                                                                                                                                        SHA-512:F28C31B425DC38B5E9AD87B95E8071997E4A6F444608E57867016178CD0CA3E9F73A4B7F2A0A704E45F75B7DCFF54490510C6BF8461F3261F676E9294506D09B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):4.9047185025862925
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:NRgPX8lvI+KnwSDTPUDEhKWPXcqgzQkvEd:2og9rUD9mpgzQkvE
                                                                                                                                                                                                                                        MD5:43BBE5D04460BD5847000804234321A6
                                                                                                                                                                                                                                        SHA1:3CAE8C4982BBD73AF26EB8C6413671425828DBB7
                                                                                                                                                                                                                                        SHA-256:FAA41385D0DB8D4EE2EE74EE540BC879CF2E884BEE87655FF3C89C8C517EED45
                                                                                                                                                                                                                                        SHA-512:DBC60F1D11D63BEBBAB3C742FB827EFBDE6DFF3C563AE1703892D5643D5906751DB3815B97CBFB7DA5FCD306017E4A1CDCC0CDD0E61ADF20E0816F9C88FE2C9B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                                                                        Entropy (8bit):5.300163691206422
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:j0J1gSHxKkwv0i8XSi3Sm57NEEE/qexUEtDrdkrRcqgUF6+6vEX:jM01si8XSi3SACqe7tDeDgUUjvE
                                                                                                                                                                                                                                        MD5:C6B20332B4814799E643BADFFD8DF2CD
                                                                                                                                                                                                                                        SHA1:E7DA1C1F09F6EC9A84AF0AB0616AFEA55A58E984
                                                                                                                                                                                                                                        SHA-256:61C7A532E108F67874EF2E17244358DF19158F6142680F5B21032BA4889AC5D8
                                                                                                                                                                                                                                        SHA-512:D50C7F67D2DFB268AD4CF18E16159604B6E8A50EA4F0C9137E26619FD7835FAAD323B5F6A2B8E3EC1C023E0678BCBE5D0F867CD711C5CD405BD207212228B2B4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):57856
                                                                                                                                                                                                                                        Entropy (8bit):4.260220483695234
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9XUqVT1dZ/GHkJnYcZiGKdZHDLtiduprZNZY0JAIg+v:99HGHfJidSK
                                                                                                                                                                                                                                        MD5:0B538205388FDD99A043EE3AFAA074E4
                                                                                                                                                                                                                                        SHA1:E0DD9306F1DBE78F7F45A94834783E7E886EB70F
                                                                                                                                                                                                                                        SHA-256:C4769D3E6EB2A2FECB5DEC602D45D3E785C63BB96297268E3ED069CC4A019B1A
                                                                                                                                                                                                                                        SHA-512:2F4109E42DB7BC72EB50BCCC21EB200095312EA00763A255A38A4E35A77C04607E1DB7BB69A11E1D80532767B20BAA4860C05F52F32BF1C81FE61A7ECCEB35ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58368
                                                                                                                                                                                                                                        Entropy (8bit):4.276870967324261
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9jUqho9weF5/eHkRnYcZiGKdZHDL7idErZjZYXGg:9RCneH//id42
                                                                                                                                                                                                                                        MD5:6C3E976AB9F47825A5BD9F73E8DBA74E
                                                                                                                                                                                                                                        SHA1:4C6EB447FE8F195CF7F4B594CE7EAF928F52B23A
                                                                                                                                                                                                                                        SHA-256:238CDB6B8FB611DB4626E6D202E125E2C174C8F73AE8A3273B45A0FC18DEA70C
                                                                                                                                                                                                                                        SHA-512:B19516F00CC0484D9CDA82A482BBFE41635CDBBE19C13F1E63F033C9A68DD36798C44F04D6BD8BAE6523A845E852D81ACADD0D5DD86AF62CC9D081B803F8DF7B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.578113904149635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:R0qVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EpmFWLOXDwo2Pj15XkcX6gbW6z:DVddiT7pgTctEEI4qXDo11kcqgbW6
                                                                                                                                                                                                                                        MD5:FEE13D4FB947835DBB62ACA7EAFF44EF
                                                                                                                                                                                                                                        SHA1:7CC088AB68F90C563D1FE22D5E3C3F9E414EFC04
                                                                                                                                                                                                                                        SHA-256:3E0D07BBF93E0748B42B1C2550F48F0D81597486038C22548224584AE178A543
                                                                                                                                                                                                                                        SHA-512:DEA92F935BC710DF6866E89CC6EB5B53FC7ADF0F14F3D381B89D7869590A1B0B1F98F347664F7A19C6078E7AA3EB0F773FFCB711CC4275D0ECD54030D6CF5CB2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.143719741413071
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:IUv5cRUtPQtjLJiKMjNrDF6pJgLa0Mp8Q90gYP2lXCM:BKR8I+K0lDFQgLa17zU
                                                                                                                                                                                                                                        MD5:76F88D89643B0E622263AF676A65A8B4
                                                                                                                                                                                                                                        SHA1:93A365060E98890E06D5C2D61EFBAD12F5D02E06
                                                                                                                                                                                                                                        SHA-256:605C86145B3018A5E751C6D61FD0F85CF4A9EBF2AD1F3009A4E68CF9F1A63E49
                                                                                                                                                                                                                                        SHA-512:979B97AAC01633C46C048010FA886EBB09CFDB5520E415F698616987AE850FD342A4210A8DC0FAC1E059599F253565862892171403F5E4F83754D02D2EF3F366
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17920
                                                                                                                                                                                                                                        Entropy (8bit):5.353267174592179
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:7PHNP3Mj7Be/yB/6sB3yxcb+IMcOYqQViCBD8bg6Vf4A:hPcnB8KSsB34cb+bcOYpMCBDX
                                                                                                                                                                                                                                        MD5:D48BFFA1AF800F6969CFB356D3F75AA6
                                                                                                                                                                                                                                        SHA1:2A0D8968D74EBC879A17045EFE86C7FB5C54AEE6
                                                                                                                                                                                                                                        SHA-256:4AA5E9CE7A76B301766D3ECBB06D2E42C2F09D0743605A91BF83069FEFE3A4DE
                                                                                                                                                                                                                                        SHA-512:30D14AD8C68B043CC49EAFB460B69E83A15900CB68B4E0CBB379FF5BA260194965EF300EB715308E7211A743FF07FA7F8779E174368DCAA7F704E43068CC4858
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.741247880746506
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:0F/1nb2mhQtkgU7L9D037tfcqgYvEJPb:u2f6L9DSJxgYvEJj
                                                                                                                                                                                                                                        MD5:4D9182783EF19411EBD9F1F864A2EF2F
                                                                                                                                                                                                                                        SHA1:DDC9F878B88E7B51B5F68A3F99A0857E362B0361
                                                                                                                                                                                                                                        SHA-256:C9F4C5FFCDD4F8814F8C07CE532A164AB699AE8CDE737DF02D6ECD7B5DD52DBD
                                                                                                                                                                                                                                        SHA-512:8F983984F0594C2CAC447E9D75B86D6EC08ED1C789958AFA835B0D1239FD4D7EBE16408D080E7FCE17C379954609A93FC730B11BE6F4A024E7D13D042B27F185
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                                                                        Entropy (8bit):5.212941287344097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:2F/1nb2mhQtkRySMfJ2ycxFzShJD9bAal2QDeJKcqgQx2QY:M2fKRQB2j8JD2fJagQx2QY
                                                                                                                                                                                                                                        MD5:F4EDB3207E27D5F1ACBBB45AAFCB6D02
                                                                                                                                                                                                                                        SHA1:8EAB478CA441B8AD7130881B16E5FAD0B119D3F0
                                                                                                                                                                                                                                        SHA-256:3274F49BE39A996C5E5D27376F46A1039B6333665BB88AF1CA6D37550FA27B29
                                                                                                                                                                                                                                        SHA-512:7BDEBF9829CB26C010FCE1C69E7580191084BCDA3E2847581D0238AF1CAA87E68D44B052424FDC447434D971BB481047F8F2DA1B1DEF6B18684E79E63C6FBDC5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                                                        Entropy (8bit):5.181291194389683
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:hF/1nb2mhQt7fSOp/CJPvADQHKtxSOvbcqgEvcM+:N2fNKOZWPIDnxVlgEvL
                                                                                                                                                                                                                                        MD5:9D28433EA8FFBFE0C2870FEDA025F519
                                                                                                                                                                                                                                        SHA1:4CC5CF74114D67934D346BB39CA76F01F7ACC3E2
                                                                                                                                                                                                                                        SHA-256:FC296145AE46A11C472F99C5BE317E77C840C2430FBB955CE3F913408A046284
                                                                                                                                                                                                                                        SHA-512:66B4D00100D4143EA72A3F603FB193AFA6FD4EFB5A74D0D17A206B5EF825E4CC5AF175F5FB5C40C022BDE676BA7A83087CB95C9F57E701CA4E7F0A2FCE76E599
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                                                        Entropy (8bit):5.140195114409974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:RsiHXqpo0cUp8XnUp8XjEQnlDtJI6rcqgcx2:f6DcUp8XUp8AclDA69gcx2
                                                                                                                                                                                                                                        MD5:8A92EE2B0D15FFDCBEB7F275154E9286
                                                                                                                                                                                                                                        SHA1:FA9214C8BBF76A00777DFE177398B5F52C3D972D
                                                                                                                                                                                                                                        SHA-256:8326AE6AD197B5586222AFA581DF5FE0220A86A875A5E116CB3828E785FBF5C2
                                                                                                                                                                                                                                        SHA-512:7BA71C37AAF6CB10FC5C595D957EB2846032543626DE740B50D7CB954FF910DCF7CEAA56EB161BAB9CC1F663BADA6CA71973E6570BAC7D6DA4D4CC9ED7C6C3DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):5.203867759982304
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:WsiHXqpwUiv6wPf+4WVrd1DFrCqwWwcqgfvE:s6biio2Pd1DFmlgfvE
                                                                                                                                                                                                                                        MD5:FE16E1D12CF400448E1BE3FCF2D7BB46
                                                                                                                                                                                                                                        SHA1:81D9F7A2C6540F17E11EFE3920481919965461BA
                                                                                                                                                                                                                                        SHA-256:ADE1735800D9E82B787482CCDB0FBFBA949E1751C2005DCAE43B0C9046FE096F
                                                                                                                                                                                                                                        SHA-512:A0463FF822796A6C6FF3ACEBC4C5F7BA28E7A81E06A3C3E46A0882F536D656D3F8BAF6FB748008E27F255FE0F61E85257626010543FC8A45A1E380206E48F07C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                                                        Entropy (8bit):5.478301937972917
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:hZ9WXA7M93g8U7soSchhiLdjM5J6ECTGmDZkRsP0rcqgjPrvE:8Q0gH7zSccA5J6ECTGmDua89gjPrvE
                                                                                                                                                                                                                                        MD5:34EBB5D4A90B5A39C5E1D87F61AE96CB
                                                                                                                                                                                                                                        SHA1:25EE80CC1E647209F658AEBA5841F11F86F23C4E
                                                                                                                                                                                                                                        SHA-256:4FC70CB9280E414855DA2C7E0573096404031987C24CF60822854EAA3757C593
                                                                                                                                                                                                                                        SHA-512:82E27044FD53A7309ABAECA06C077A43EB075ADF1EF0898609F3D9F42396E0A1FA4FFD5A64D944705BBC1B1EBB8C2055D8A420807693CC5B70E88AB292DF81B7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18432
                                                                                                                                                                                                                                        Entropy (8bit):5.69608744353984
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:nkP5RjF7GsIyV6Lx41NVYaVmtShQRKAa8+DSngkov:onx7RI26LuuHKz8+DbN
                                                                                                                                                                                                                                        MD5:42C2F4F520BA48779BD9D4B33CD586B9
                                                                                                                                                                                                                                        SHA1:9A1D6FFA30DCA5CE6D70EAC5014739E21A99F6D8
                                                                                                                                                                                                                                        SHA-256:2C6867E88C5D3A83D62692D24F29624063FCE57F600483BAD6A84684FF22F035
                                                                                                                                                                                                                                        SHA-512:1F0C18E1829A5BAE4A40C92BA7F8422D5FE8DBE582F7193ACEC4556B4E0593C898956065F398ACB34014542FCB3365DC6D4DA9CE15CB7C292C8A2F55FB48BB2B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19456
                                                                                                                                                                                                                                        Entropy (8bit):5.7981108922569735
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qPHNP3MjevhSY/8EBbVxcJ0ihTLdFDuPHgj+kf4D:sPcKvr/jUJ0sbDGAj+t
                                                                                                                                                                                                                                        MD5:AB0BCB36419EA87D827E770A080364F6
                                                                                                                                                                                                                                        SHA1:6D398F48338FB017AACD00AE188606EB9E99E830
                                                                                                                                                                                                                                        SHA-256:A927548ABEA335E6BCB4A9EE0A949749C9E4AA8F8AAD481CF63E3AC99B25A725
                                                                                                                                                                                                                                        SHA-512:3580FB949ACEE709836C36688457908C43860E68A36D3410F3FA9E17C6A66C1CDD7C081102468E4E92E5F42A0A802470E8F4D376DAA4ED7126818538E0BD0BC4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):5.865452719694432
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:y1jwGPJHLvzcY1EEerju9LcTZ6RO3RouLKtcyDNOcwgjxo:QjwyJUYToZwOLuzDNB1j
                                                                                                                                                                                                                                        MD5:C8FE3FF9C116DB211361FBB3EA092D33
                                                                                                                                                                                                                                        SHA1:180253462DD59C5132FBCCC8428DEA1980720D26
                                                                                                                                                                                                                                        SHA-256:25771E53CFECB5462C0D4F05F7CAE6A513A6843DB2D798D6937E39BA4B260765
                                                                                                                                                                                                                                        SHA-512:16826BF93C8FA33E0B5A2B088FB8852A2460E0A02D699922A39D8EB2A086E981B5ACA2B085F7A7DA21906017C81F4D196B425978A10F44402C5DB44B2BF4D00A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):5.867732744112887
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:51jwGPJHLxzcY1EEerju9LcTZ6RO3RouLKtcyDNIegjxo:rjwyJOYToZwOLuzDNI7j
                                                                                                                                                                                                                                        MD5:A442EA85E6F9627501D947BE3C48A9DD
                                                                                                                                                                                                                                        SHA1:D2DEC6E1BE3B221E8D4910546AD84FE7C88A524D
                                                                                                                                                                                                                                        SHA-256:3DBCB4D0070BE355E0406E6B6C3E4CE58647F06E8650E1AB056E1D538B52B3D3
                                                                                                                                                                                                                                        SHA-512:850A00C7069FFDBA1EFE1324405DA747D7BD3BA5D4E724D08A2450B5A5F15A69A0D3EAF67CEF943F624D52A4E2159A9F7BDAEAFDC6C689EACEA9987414250F3B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27136
                                                                                                                                                                                                                                        Entropy (8bit):5.860044313282322
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:xFDL3RqE3MjjQ95UnLa+1WT1aA7qHofg5JptfISH2mDDXfgjVx2:jDLh98jjRe+1WT1aAeIfMzxH2mDDIj
                                                                                                                                                                                                                                        MD5:59BA0E05BE85F48688316EE4936421EA
                                                                                                                                                                                                                                        SHA1:1198893F5916E42143C0B0F85872338E4BE2DA06
                                                                                                                                                                                                                                        SHA-256:C181F30332F87FEECBF930538E5BDBCA09089A2833E8A088C3B9F3304B864968
                                                                                                                                                                                                                                        SHA-512:D772042D35248D25DB70324476021FB4303EF8A0F61C66E7DED490735A1CC367C2A05D7A4B11A2A68D7C34427971F96FF7658D880E946C31C17008B769E3B12F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27136
                                                                                                                                                                                                                                        Entropy (8bit):5.917025846093607
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:tFYLXRqEnMgj969GUnLa+1WT1aA7qHofg5JptfIS320DXwElrgjhig:PYLB9Mgj0e+1WT1aAeIfMzx320DXD+j
                                                                                                                                                                                                                                        MD5:8194D160FB215498A59F850DC5C9964C
                                                                                                                                                                                                                                        SHA1:D255E8CCBCE663EE5CFD3E1C35548D93BFBBFCC0
                                                                                                                                                                                                                                        SHA-256:55DEFCD528207D4006D54B656FD4798977BD1AAE6103D4D082A11E0EB6900B08
                                                                                                                                                                                                                                        SHA-512:969EEAA754519A58C352C24841852CF0E66C8A1ADBA9A50F6F659DC48C3000627503DDFB7522DA2DA48C301E439892DE9188BF94EEAF1AE211742E48204C5E42
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):4.999870226643325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:DzFRF/1nb2mhQtk4axusjfkgZhoYDQgRjcqgQvEty:DzFd2f64axnTTz5D1gQvEty
                                                                                                                                                                                                                                        MD5:C89BECC2BECD40934FE78FCC0D74D941
                                                                                                                                                                                                                                        SHA1:D04680DF546E2D8A86F60F022544DB181F409C50
                                                                                                                                                                                                                                        SHA-256:E5B6E58D6DA8DB36B0673539F0C65C80B071A925D2246C42C54E9FCDD8CA08E3
                                                                                                                                                                                                                                        SHA-512:715B3F69933841BAADC1C30D616DB34E6959FD9257D65E31C39CD08C53AFA5653B0E87B41DCC3C5E73E57387A1E7E72C0A668578BD42D5561F4105055F02993C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                                                        Entropy (8bit):5.025153056783597
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:AF/1nb2mhQtks0iiNqdF4mtPjD02A5APYcqgYvEL2x:62f6fFA/4GjDFcgYvEL2x
                                                                                                                                                                                                                                        MD5:C4CC05D3132FDFB05089F42364FC74D2
                                                                                                                                                                                                                                        SHA1:DA7A1AE5D93839577BBD25952A1672C831BC4F29
                                                                                                                                                                                                                                        SHA-256:8F3D92DE840ABB5A46015A8FF618FF411C73009CBAA448AC268A5C619CF84721
                                                                                                                                                                                                                                        SHA-512:C597C70B7AF8E77BEEEBF10C32B34C37F25C741991581D67CF22E0778F262E463C0F64AA37F92FBC4415FE675673F3F92544E109E5032E488F185F1CFBC839FE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                        Entropy (8bit):5.235115741550938
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:XTRgffnRaNfBj9xih1LPK73jm6AXiN4rSRIh42gDhgvrjcqgCieT3WQ:XafgNpj9cHW3jqXeBRamDOZgCieT
                                                                                                                                                                                                                                        MD5:1E201DF4B4C8A8CD9DA1514C6C21D1C4
                                                                                                                                                                                                                                        SHA1:3DC8A9C20313AF189A3FFA51A2EAA1599586E1B2
                                                                                                                                                                                                                                        SHA-256:A428372185B72C90BE61AC45224133C4AF6AE6682C590B9A3968A757C0ABD6B4
                                                                                                                                                                                                                                        SHA-512:19232771D4EE3011938BA2A52FA8C32E00402055038B5EDF3DDB4C8691FA7AE751A1DC16766D777A41981B7C27B14E9C1AD6EBDA7FFE1B390205D0110546EE29
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                                                        Entropy (8bit):5.133714807569085
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:JZNGXEgvUh43G6coX2SSwmPL4V7wTdDlpaY2cqgWjvE:EVMhuGGF2L4STdDyYWgWjvE
                                                                                                                                                                                                                                        MD5:76C84B62982843367C5F5D41B550825F
                                                                                                                                                                                                                                        SHA1:B6DE9B9BD0E2C84398EA89365E9F6D744836E03A
                                                                                                                                                                                                                                        SHA-256:EBCD946F1C432F93F396498A05BF07CC77EE8A74CE9C1A283BF9E23CA8618A4C
                                                                                                                                                                                                                                        SHA-512:03F8BB1D0D63BF26D8A6FFF62E94B85FFB4EA1857EB216A4DEB71C806CDE107BA0F9CC7017E3779489C5CEF5F0838EDB1D70F710BCDEB629364FC288794E6AFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35840
                                                                                                                                                                                                                                        Entropy (8bit):5.928082706906375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:8bEkzS7+k9rMUb8cOe9rs9ja+V/Mhjh56GS:8bEP779rMtcOCs0I/Mhf
                                                                                                                                                                                                                                        MD5:B41160CF884B9E846B890E0645730834
                                                                                                                                                                                                                                        SHA1:A0F35613839A0F8F4A87506CD59200CCC3C09237
                                                                                                                                                                                                                                        SHA-256:48F296CCACE3878DE1148074510BD8D554A120CAFEF2D52C847E05EF7664FFC6
                                                                                                                                                                                                                                        SHA-512:F4D57351A627DD379D56C80DA035195292264F49DC94E597AA6638DF5F4CF69601F72CC64FC3C29C5CBE95D72326395C5C6F4938B7895C69A8D839654CFC8F26
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.799063285091512
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:nkCfXASTMeAk4OepIXcADp/X6RcqgO5vE:ZJMcPepIXcAD563gO5vE
                                                                                                                                                                                                                                        MD5:BA46602B59FCF8B01ABB135F1534D618
                                                                                                                                                                                                                                        SHA1:EFF5608E05639A17B08DCA5F9317E138BEF347B5
                                                                                                                                                                                                                                        SHA-256:B1BAB0E04AC60D1E7917621B03A8C72D1ED1F0251334E9FA12A8A1AC1F516529
                                                                                                                                                                                                                                        SHA-512:A5E2771623DA697D8EA2E3212FBDDE4E19B4A12982A689D42B351B244EFBA7EFA158E2ED1A2B5BC426A6F143E7DB810BA5542017AB09B5912B3ECC091F705C6E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):754688
                                                                                                                                                                                                                                        Entropy (8bit):7.624959985050181
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:I1UrmZ9HoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h9:gYmzHoxJFf1p34hcrn5Go9yQO6L
                                                                                                                                                                                                                                        MD5:3F20627FDED2CF90E366B48EDF031178
                                                                                                                                                                                                                                        SHA1:00CED7CD274EFB217975457906625B1B1DA9EBDF
                                                                                                                                                                                                                                        SHA-256:E36242855879D71AC57FBD42BB4AE29C6D80B056F57B18CEE0B6B1C0E8D2CF57
                                                                                                                                                                                                                                        SHA-512:05DE7C74592B925BB6D37528FC59452C152E0DCFC1D390EA1C48C057403A419E5BE40330B2C5D5657FEA91E05F6B96470DDDF9D84FF05B9FD4192F73D460093C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27648
                                                                                                                                                                                                                                        Entropy (8bit):5.792654050660321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hBwi/rOF26VZW1n0n/Is42g9qhrnW0mvPauYhz35sWJftjb1Ddsia15gkbQ0e1:/L/g28Ufsxg9GmvPauYLxtX1D/kf
                                                                                                                                                                                                                                        MD5:290D936C1E0544B6EC98F031C8C2E9A3
                                                                                                                                                                                                                                        SHA1:CAEEA607F2D9352DD605B6A5B13A0C0CB1EA26EC
                                                                                                                                                                                                                                        SHA-256:8B00C859E36CBCE3EC19F18FA35E3A29B79DE54DA6030AAAD220AD766EDCDF0A
                                                                                                                                                                                                                                        SHA-512:F08B67B633D3A3F57F1183950390A35BF73B384855EAAB3AE895101FBC07BCC4990886F8DE657635AD528D6C861BC2793999857472A5307FFAA963AA6685D7E8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                                                                        Entropy (8bit):6.060461288575063
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:nqctkGACFI5t35q2JbL0UbkrwwOoKXyMH1B7M9rMdccdWxRLpq:nqctkGACFI5t35q2JbgrwwOoqLTM9rMh
                                                                                                                                                                                                                                        MD5:5782081B2A6F0A3C6B200869B89C7F7D
                                                                                                                                                                                                                                        SHA1:0D4E113FB52FE1923FE05CDF2AB9A4A9ABEFC42E
                                                                                                                                                                                                                                        SHA-256:E72E06C721DD617140EDEBADD866A91CF97F7215CBB732ECBEEA42C208931F49
                                                                                                                                                                                                                                        SHA-512:F7FD695E093EDE26FCFD0EE45ADB49D841538EB9DAAE5B0812F29F0C942FB13762E352C2255F5DB8911F10FA1B6749755B51AAE1C43D8DF06F1D10DE5E603706
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.488437566846231
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:tpVVdJvbrqTu6ZdpvY0IluLfcC75JiC4cs89EfqADwhDTAbcX6gn/7EC:5VddiT7pgTctdErDwDTicqgn/7
                                                                                                                                                                                                                                        MD5:289EBF8B1A4F3A12614CFA1399250D3A
                                                                                                                                                                                                                                        SHA1:66C05F77D814424B9509DD828111D93BC9FA9811
                                                                                                                                                                                                                                        SHA-256:79AC6F73C71CA8FDA442A42A116A34C62802F0F7E17729182899327971CFEB23
                                                                                                                                                                                                                                        SHA-512:4B95A210C9A4539332E2FB894D7DE4E1B34894876CCD06EEC5B0FC6F6E47DE75C0E298CF2F3B5832C9E028861A53B8C8E8A172A3BE3EC29A2C9E346642412138
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.730605326965181
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:MJVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EVAElIijKDQGrbMZYJWJcX6gbW6s:CVddiT7pgTctEEaEDKDlMCWJcqgbW6
                                                                                                                                                                                                                                        MD5:4D9C33AE53B38A9494B6FBFA3491149E
                                                                                                                                                                                                                                        SHA1:1A069E277B7E90A3AB0DCDEE1FE244632C9C3BE4
                                                                                                                                                                                                                                        SHA-256:0828CAD4D742D97888D3DFCE59E82369317847651BBA0F166023CB8ACA790B2B
                                                                                                                                                                                                                                        SHA-512:BDFBF29198A0C7ED69204BF9E9B6174EBB9E3BEE297DD1EB8EB9EA6D7CAF1CC5E076F7B44893E58CCF3D0958F5E3BDEE12BD090714BEB5889836EE6F12F0F49E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.685843290341897
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:6ZVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EMz3DHWMoG4BcX6gbW6O:IVddiT7pgTctEEO3DLoHcqgbW6
                                                                                                                                                                                                                                        MD5:8F4313755F65509357E281744941BD36
                                                                                                                                                                                                                                        SHA1:2AAF3F89E56EC6731B2A5FA40A2FE69B751EAFC0
                                                                                                                                                                                                                                        SHA-256:70D90DDF87A9608699BE6BBEDF89AD469632FD0ADC20A69DA07618596D443639
                                                                                                                                                                                                                                        SHA-512:FED2B1007E31D73F18605FB164FEE5B46034155AB5BB7FE9B255241CFA75FF0E39749200EB47A9AB1380D9F36F51AFBA45490979AB7D112F4D673A0C67899EF4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):119192
                                                                                                                                                                                                                                        Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                        MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                        SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                        SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                        SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49528
                                                                                                                                                                                                                                        Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                        MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                        SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                        SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                        SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):71448
                                                                                                                                                                                                                                        Entropy (8bit):6.247581706260346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rRaPPkDN3nkiP6djtX5IkTIL1yUvGJtIAOnT7SyqWx5:9anmN3nkikjV5IkTIL1yUuJtIAOnTgi
                                                                                                                                                                                                                                        MD5:209CBCB4E1A16AA39466A6119322343C
                                                                                                                                                                                                                                        SHA1:CDCCE6B64EBF11FECFF739CBC57E7A98D6620801
                                                                                                                                                                                                                                        SHA-256:F7069734D5174F54E89B88D717133BFF6A41B01E57F79957AB3F02DAA583F9E2
                                                                                                                                                                                                                                        SHA-512:5BBC4EDE01729E628260CF39DF5809624EAE795FD7D51A1ED770ED54663955674593A97B78F66DBF6AE268186273840806ED06D6F7877444D32FDCA031A9F0DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):84760
                                                                                                                                                                                                                                        Entropy (8bit):6.5874715807724025
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:RS7z7Sj2u5in5IVfC83zYxzbdK87kW1IACVw7SyrxX:I7z+jum3MJdN7kW1IACVwX
                                                                                                                                                                                                                                        MD5:59D60A559C23202BEB622021AF29E8A9
                                                                                                                                                                                                                                        SHA1:A405F23916833F1B882F37BDBBA2DD799F93EA32
                                                                                                                                                                                                                                        SHA-256:706D4A0C26DD454538926CBB2FF6C64257C3D9BD48C956F7CABD6DEF36FFD13E
                                                                                                                                                                                                                                        SHA-512:2F60E79603CF456B2A14B8254CEC75CE8BE0A28D55A874D4FB23D92D63BBE781ED823AB0F4D13A23DC60C4DF505CBF1DBE1A0A2049B02E4BDEC8D374898002B1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182784
                                                                                                                                                                                                                                        Entropy (8bit):6.193615170968096
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:YRAMUp3K6YoDssyudy4VcRG+nR3hnW3mjwwOdkS9S7iSSTLkK/jftw3buz:Y6MyK65ssy+MG+LnSUwjD9zSSTLL/jl8
                                                                                                                                                                                                                                        MD5:0572B13646141D0B1A5718E35549577C
                                                                                                                                                                                                                                        SHA1:EEB40363C1F456C1C612D3C7E4923210EAE4CDF7
                                                                                                                                                                                                                                        SHA-256:D8A76D1E31BBD62A482DEA9115FC1A109CB39AF4CF6D1323409175F3C93113A7
                                                                                                                                                                                                                                        SHA-512:67C28432CA8B389ACC26E47EB8C4977FDDD4AF9214819F89DF07FECBC8ED750D5F35807A1B195508DD1D77E2A7A9D7265049DCFBFE7665A7FD1BA45DA1E4E842
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):125208
                                                                                                                                                                                                                                        Entropy (8bit):6.128664719423826
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DGR936Xz4mHFK0K+bRFOoP+Szlf/EZZBKYyucV6rOoZIALPEA:qQHLK+bvvPNhf/Ei6CoX
                                                                                                                                                                                                                                        MD5:2A834C3738742D45C0A06D40221CC588
                                                                                                                                                                                                                                        SHA1:606705A593631D6767467FB38F9300D7CD04AB3E
                                                                                                                                                                                                                                        SHA-256:F20DFA748B878751EA1C4FE77A230D65212720652B99C4E5577BCE461BBD9089
                                                                                                                                                                                                                                        SHA-512:924235A506CE4D635FA7C2B34E5D8E77EFF73F963E58E29C6EF89DB157BF7BAB587678BB2120D09DA70594926D82D87DBAA5D247E861E331CF591D45EA19A117
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):252696
                                                                                                                                                                                                                                        Entropy (8bit):6.564448148079112
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Agvd9YyMipyD41q8xDiw9qWM53pLW1AQRRRrBoZtcr3:AQ8yryD47hix4orcr3
                                                                                                                                                                                                                                        MD5:F930B7550574446A015BC602D59B0948
                                                                                                                                                                                                                                        SHA1:4EE6FF8019C6C540525BDD2790FC76385CDD6186
                                                                                                                                                                                                                                        SHA-256:3B9AD1D2BC9EC03D37DA86135853DAC73B3FE851B164FE52265564A81EB8C544
                                                                                                                                                                                                                                        SHA-512:10B864975945D6504433554F9FF11B47218CAA00F809C6BCE00F9E4089B862190A4219F659697A4BA5E5C21EDBE1D8D325950921E09371ACC4410469BD9189EE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65816
                                                                                                                                                                                                                                        Entropy (8bit):6.242741772115205
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:MElYij3wz91lBafLEmIRhtIAOIW7SybpxC:hYZBaTEmghtIAOIWE
                                                                                                                                                                                                                                        MD5:B0262BD89A59A3699BFA75C4DCC3EE06
                                                                                                                                                                                                                                        SHA1:EB658849C646A26572DEA7F6BFC042CB62FB49DC
                                                                                                                                                                                                                                        SHA-256:4ADFBBD6366D9B55D902FC54D2B42E7C8C989A83016ED707BD7A302FC3FC7B67
                                                                                                                                                                                                                                        SHA-512:2E4B214DE3B306E3A16124AF434FF8F5AB832AA3EEB1AA0AA9B49B0ADA0928DCBB05C57909292FBE3B01126F4CD3FE0DAC9CC15EAEA5F3844D6E267865B9F7B1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):159512
                                                                                                                                                                                                                                        Entropy (8bit):6.846323229710623
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Fik7me1FFD+znfF9mNo+Mu6tmxzE41IAZ1Ak:FikSiUNYO+J1E4b
                                                                                                                                                                                                                                        MD5:B71DBE0F137FFBDA6C3A89D5BCBF1017
                                                                                                                                                                                                                                        SHA1:A2E2BDC40FDB83CC625C5B5E8A336CA3F0C29C5F
                                                                                                                                                                                                                                        SHA-256:6216173194B29875E84963CD4DC4752F7CA9493F5B1FD7E4130CA0E411C8AC6A
                                                                                                                                                                                                                                        SHA-512:9A5C7B1E25D8E1B5738F01AEDFD468C1837F1AC8DD4A5B1D24CE86DCAE0DB1C5B20F2FF4280960BC523AEE70B71DB54FD515047CDAF10D21A8BEC3EBD6663358
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35096
                                                                                                                                                                                                                                        Entropy (8bit):6.461229529356597
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:OgYvrenSE0PXxxQ0zi+mdIAWtd5YiSyviCAMxkEj:vYTQShxQ0zlmdIAWtD7SyKAxv
                                                                                                                                                                                                                                        MD5:4CCBD87D76AF221F24221530F5F035D1
                                                                                                                                                                                                                                        SHA1:D02B989AAAC7657E8B3A70A6EE7758A0B258851B
                                                                                                                                                                                                                                        SHA-256:C7BBCFE2511FD1B71B916A22AD6537D60948FFA7BDE207FEFABEE84EF53CAFB5
                                                                                                                                                                                                                                        SHA-512:34D808ADAC96A66CA434D209F2F151A9640B359B8419DC51BA24477E485685AF10C4596A398A85269E8F03F0FC533645907D7D854733750A35BF6C691DE37799
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):55576
                                                                                                                                                                                                                                        Entropy (8bit):6.342203411267264
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:wXRnts3McbN6w/xzWssXZdR1r3RIAXtI7SyNxQ:IRvcsXZdR1rRIAXtI6
                                                                                                                                                                                                                                        MD5:61193E813A61A545E2D366439C1EE22A
                                                                                                                                                                                                                                        SHA1:F404447B0D9BFF49A7431C41653633C501986D60
                                                                                                                                                                                                                                        SHA-256:C21B50A7BF9DBE1A0768F5030CAC378D58705A9FE1F08D953129332BEB0FBEFC
                                                                                                                                                                                                                                        SHA-512:747E4D5EA1BDF8C1E808579498834E1C24641D434546BFFDFCF326E0DE8D5814504623A3D3729168B0098824C2B8929AFC339674B0D923388B9DAC66F5D9D996
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32536
                                                                                                                                                                                                                                        Entropy (8bit):6.4674944702653665
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:0k+cae6rjp5MoNOfZIAQUM5YiSyvjAMxkEKu:5vSjgoNOfZIAQU27SyLxv
                                                                                                                                                                                                                                        MD5:F3ECA4F0B2C6C17ACE348E06042981A4
                                                                                                                                                                                                                                        SHA1:EB694DDA8FF2FE4CCAE876DC0515A8EFEC40E20E
                                                                                                                                                                                                                                        SHA-256:FB57EE6ADF6E7B11451B6920DDD2FB943DCD9561C9EAE64FDDA27C7ED0BC1B04
                                                                                                                                                                                                                                        SHA-512:604593460666045CA48F63D4B14FA250F9C4B9E5C7E228CC9202E7692C125AACB0018B89FAA562A4197692A9BC3D2382F9E085B305272EE0A39264A2A0F53B75
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):83224
                                                                                                                                                                                                                                        Entropy (8bit):6.338326324626716
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:MUuhDLiJfz76Xl+1ly+uCt9/s+S+pzcHS58/n1IsJHfsZIALwqw7Syraxi:MU6DL4fHdy+uCt9/sT+pzuSQ1IwHfsZS
                                                                                                                                                                                                                                        MD5:9C6283CC17F9D86106B706EC4EA77356
                                                                                                                                                                                                                                        SHA1:AF4F2F52CE6122F340E5EA1F021F98B1FFD6D5B6
                                                                                                                                                                                                                                        SHA-256:5CC62AAC52EDF87916DEB4EBBAD9ABB58A6A3565B32E7544F672ACA305C38027
                                                                                                                                                                                                                                        SHA-512:11FD6F570DD78F8FF00BE645E47472A96DAFFA3253E8BD29183BCCDE3F0746F7E436A106E9A68C57CC05B80A112365441D06CC719D51C906703B428A32C93124
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):124696
                                                                                                                                                                                                                                        Entropy (8bit):6.266006891462829
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:9PfqZRAWgyjwzCO4w5y3DUfUK8PtIAOQMo:oAWgKw2C5iSUv1
                                                                                                                                                                                                                                        MD5:506B13DD3D5892B16857E3E3B8A95AFB
                                                                                                                                                                                                                                        SHA1:42E654B36F1C79000084599D49B862E4E23D75FF
                                                                                                                                                                                                                                        SHA-256:04F645A32B0C58760CC6C71D09224FE90E50409EF5C81D69C85D151DFE65AFF9
                                                                                                                                                                                                                                        SHA-512:A94F0E9F2212E0B89EB0B5C64598B18AF71B59E1297F0F6475FA4674AE56780B1E586B5EB952C8C9FEBAD38C28AFD784273BBF56645DB2C405AFAE6F472FB65C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):177432
                                                                                                                                                                                                                                        Entropy (8bit):5.976892131161338
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:1CRW4ljuyKK8vZktW5No6XfJN54eNWXvM4VRJNI7IM/cbP7RHs3FJZ1IAC7+y:1mfEyKKaZo6XfJ2MSV+JZW
                                                                                                                                                                                                                                        MD5:DDB21BD1ACDE4264754C49842DE7EBC9
                                                                                                                                                                                                                                        SHA1:80252D0E35568E68DED68242D76F2A5D7E00001E
                                                                                                                                                                                                                                        SHA-256:72BB15CD8C14BA008A52D23CDCFC851A9A4BDE13DEEE302A5667C8AD60F94A57
                                                                                                                                                                                                                                        SHA-512:464520ECD1587F5CEDE6219FAAC2C903EE41D0E920BF3C9C270A544B040169DCD17A4E27F6826F480D4021077AB39A6CBBD35EBB3D71672EBB412023BC9E182A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36632
                                                                                                                                                                                                                                        Entropy (8bit):6.357254511176439
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:6cxnHG7MYGQd0hHdzA77yeu1IACis5YiSyvoAMxkE9:6cxnm7M6dAHdzA77yeu1IACiW7Sy+xx
                                                                                                                                                                                                                                        MD5:C1654EBEBFEEDA425EADE8B77CA96DE5
                                                                                                                                                                                                                                        SHA1:A4A150F1C810077B6E762F689C657227CC4FD257
                                                                                                                                                                                                                                        SHA-256:AA1443A715FBF84A84F39BD89707271FC11A77B597D7324CE86FC5CFA56A63A9
                                                                                                                                                                                                                                        SHA-512:21705B991E75EFD5E59B8431A3B19AE5FCC38A3E7F137A9D52ACD24E7F67D61758E48ABC1C9C0D4314FA02010A1886C15EAD5BCA8DCA1B1D4CCBFC3C589D342E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.608323768366966
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:KFOWWthWzWf9BvVVWQ4mWqyVT/gqnajKsrCS81:uZWthWeN01IlGsrCt
                                                                                                                                                                                                                                        MD5:07EBE4D5CEF3301CCF07430F4C3E32D8
                                                                                                                                                                                                                                        SHA1:3B878B2B2720915773F16DBA6D493DAB0680AC5F
                                                                                                                                                                                                                                        SHA-256:8F8B79150E850ACC92FD6AAB614F6E3759BEA875134A62087D5DD65581E3001F
                                                                                                                                                                                                                                        SHA-512:6C7E4DF62EBAE9934B698F231CF51F54743CF3303CD758573D00F872B8ECC2AF1F556B094503AAE91100189C0D0A93EAF1B7CAFEC677F384A1D7B4FDA2EEE598
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11736
                                                                                                                                                                                                                                        Entropy (8bit):6.6074868843808785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:PUWthW6Wf9BvVVWQ4SWZifvXqnajJ6HNbLet:MWthW3NhXll6HZm
                                                                                                                                                                                                                                        MD5:557405C47613DE66B111D0E2B01F2FDB
                                                                                                                                                                                                                                        SHA1:DE116ED5DE1FFAA900732709E5E4EEF921EAD63C
                                                                                                                                                                                                                                        SHA-256:913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
                                                                                                                                                                                                                                        SHA-512:C2B326F555B2B7ACB7849402AC85922880105857C616EF98F7FB4BBBDC2CD7F2AF010F4A747875646FCC272AB8AA4CE290B6E09A9896CE1587E638502BD4BEFB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.622854484071805
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:tlWthWFWf9BvVVWQ4mWIzWLiP+CjAWqnajKsNb7:/WthWANnWLiP+CcWlGsNb7
                                                                                                                                                                                                                                        MD5:624401F31A706B1AE2245EB19264DC7F
                                                                                                                                                                                                                                        SHA1:8D9DEF3750C18DDFC044D5568E3406D5D0FB9285
                                                                                                                                                                                                                                        SHA-256:58A8D69DF60ECBEE776CD9A74B2A32B14BF2B0BD92D527EC5F19502A0D3EB8E9
                                                                                                                                                                                                                                        SHA-512:3353734B556D6EEBC57734827450CE3B34D010E0C033E95A6E60800C0FDA79A1958EBF9053F12054026525D95D24EEC541633186F00F162475CEC19F07A0D817
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.670771733256744
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:1mxD3+HWthWiWf9BvVVWQ4WWuhD7DiqnajKswz3:19HWthWfN/GlGswz3
                                                                                                                                                                                                                                        MD5:2DB5666D3600A4ABCE86BE0099C6B881
                                                                                                                                                                                                                                        SHA1:63D5DDA4CEC0076884BC678C691BDD2A4FA1D906
                                                                                                                                                                                                                                        SHA-256:46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
                                                                                                                                                                                                                                        SHA-512:7C6E1E022DB4217A85A4012C8E4DAEE0A0F987E4FBA8A4C952424EF28E250BAC38B088C242D72B4641157B7CC882161AEFA177765A2E23AFCDC627188A084345
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15328
                                                                                                                                                                                                                                        Entropy (8bit):6.561472518225768
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:RaNYPvVX8rFTsoWthWgWf9BvVVWQ4SWfMaPOoI80Hy5qnajslBE87QyX:HPvVXqWthWlN2WlslEE87Qw
                                                                                                                                                                                                                                        MD5:0F7D418C05128246AFA335A1FB400CB9
                                                                                                                                                                                                                                        SHA1:F6313E371ED5A1DFFE35815CC5D25981184D0368
                                                                                                                                                                                                                                        SHA-256:5C9BC70586AD538B0DF1FCF5D6F1F3527450AE16935AA34BD7EB494B4F1B2DB9
                                                                                                                                                                                                                                        SHA-512:7555D9D3311C8622DF6782748C2186A3738C4807FC58DF2F75E539729FC4069DB23739F391950303F12E0D25DF9F065B4C52E13B2EBB6D417CA4C12CFDECA631
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.638884356866373
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:jlWaWthWAWf9BvVVWQ4WWloprVP+CjAWqnajKsNWqL:jIaWthWFNxtVP+CcWlGsNxL
                                                                                                                                                                                                                                        MD5:5A72A803DF2B425D5AAFF21F0F064011
                                                                                                                                                                                                                                        SHA1:4B31963D981C07A7AB2A0D1A706067C539C55EC5
                                                                                                                                                                                                                                        SHA-256:629E52BA4E2DCA91B10EF7729A1722888E01284EED7DDA6030D0A1EC46C94086
                                                                                                                                                                                                                                        SHA-512:BF44997C405C2BA80100EB0F2FF7304938FC69E4D7AE3EAC52B3C236C3188E80C9F18BDA226B5F4FDE0112320E74C198AD985F9FFD7CEA99ACA22980C39C7F69
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11744
                                                                                                                                                                                                                                        Entropy (8bit):6.744400973311854
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:imdzvQzEWthWwMVDEs3f0DHDsVBIwgmqvrnDD0ADEs3TDL2L4m2grMWaLN5DEs3r:v3WthWyWf9BvVVWQ4SWVVFJqqnajW2y
                                                                                                                                                                                                                                        MD5:721B60B85094851C06D572F0BD5D88CD
                                                                                                                                                                                                                                        SHA1:4D0EE4D717AEB9C35DA8621A545D3E2B9F19B4E7
                                                                                                                                                                                                                                        SHA-256:DAC867476CAA42FF8DF8F5DFE869FFD56A18DADEE17D47889AFB69ED6519AFBF
                                                                                                                                                                                                                                        SHA-512:430A91FCECDE4C8CC4AC7EB9B4C6619243AB244EE88C34C9E93CA918E54BD42B08ACA8EA4475D4C0F5FA95241E4AACB3206CBAE863E92D15528C8E7C9F45601B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11736
                                                                                                                                                                                                                                        Entropy (8bit):6.638488013343178
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:frWthWFWf9BvVVWQ4SWNOfvXqnajJ6H4WJ:frWthWANRXll6H4WJ
                                                                                                                                                                                                                                        MD5:D1DF480505F2D23C0B5C53DF2E0E2A1A
                                                                                                                                                                                                                                        SHA1:207DB9568AFD273E864B05C87282987E7E81D0BA
                                                                                                                                                                                                                                        SHA-256:0B3DFB8554EAD94D5DA7859A12DB353942406F9D1DFE3FAC3D48663C233EA99D
                                                                                                                                                                                                                                        SHA-512:F14239420F5DD84A15FF5FCA2FAD81D0AA9280C566FA581122A018E10EBDF308AC0BF1D3FCFC08634C1058C395C767130C5ABCA55540295C68DF24FFD931CA0A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12256
                                                                                                                                                                                                                                        Entropy (8bit):6.588267640761022
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:txlkWthW2Wf9BvVVWQ4SWBBBuUgxfzfqnaj0OTWv:txlkWthW7NkIrloFv
                                                                                                                                                                                                                                        MD5:73433EBFC9A47ED16EA544DDD308EAF8
                                                                                                                                                                                                                                        SHA1:AC1DA1378DD79762C6619C9A63FD1EBE4D360C6F
                                                                                                                                                                                                                                        SHA-256:C43075B1D2386A8A262DE628C93A65350E52EAE82582B27F879708364B978E29
                                                                                                                                                                                                                                        SHA-512:1C28CC0D3D02D4C308A86E9D0BC2DA88333DFA8C92305EC706F3E389F7BB6D15053040AFD1C4F0AA3383F3549495343A537D09FE882DB6ED12B7507115E5A263
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.678828474114903
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4TWthWckWf9BvVVWQ4mWQAyUD7DiqnajKswzjdg:4TWthWcRNqGlGswzji
                                                                                                                                                                                                                                        MD5:7C7B61FFA29209B13D2506418746780B
                                                                                                                                                                                                                                        SHA1:08F3A819B5229734D98D58291BE4BFA0BEC8F761
                                                                                                                                                                                                                                        SHA-256:C23FE8D5C3CA89189D11EC8DF983CC144D168CB54D9EAB5D9532767BCB2F1FA3
                                                                                                                                                                                                                                        SHA-512:6E5E3485D980E7E2824665CBFE4F1619B3E61CE3BCBF103979532E2B1C3D22C89F65BCFBDDBB5FE88CDDD096F8FD72D498E8EE35C3C2307BACECC6DEBBC1C97F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.602852377056617
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:Us13vuBL3B5LoWthW7Wf9BvVVWQ4mWgB7OQP+CjAWqnajKsN9arO:Us13vuBL3B2WthWmNVXP+CcWlGsN9P
                                                                                                                                                                                                                                        MD5:6D0550D3A64BD3FD1D1B739133EFB133
                                                                                                                                                                                                                                        SHA1:C7596FDE7EA1C676F0CC679CED8BA810D15A4AFE
                                                                                                                                                                                                                                        SHA-256:F320F9C0463DE641B396CE7561AF995DE32211E144407828B117088CF289DF91
                                                                                                                                                                                                                                        SHA-512:5DA9D490EF54A1129C94CE51349399B9012FC0D4B575AE6C9F1BAFCFCF7F65266F797C539489F882D4AD924C94428B72F5137009A851ECB541FE7FB9DE12FEB2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14800
                                                                                                                                                                                                                                        Entropy (8bit):6.528059454770997
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:On2OMw3zdp3bwjGfue9/0jCRrndbZWWthWdNHhfVlGsSH:/OMwBprwjGfue9/0jCRrndbLEKv
                                                                                                                                                                                                                                        MD5:1ED0B196AB58EDB58FCF84E1739C63CE
                                                                                                                                                                                                                                        SHA1:AC7D6C77629BDEE1DF7E380CC9559E09D51D75B7
                                                                                                                                                                                                                                        SHA-256:8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
                                                                                                                                                                                                                                        SHA-512:E1FA7F14F39C97AAA3104F3E13098626B5F7CFD665BA52DCB2312A329639AAF5083A9177E4686D11C4213E28ACC40E2C027988074B6CC13C5016D5C5E9EF897B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.659218747104705
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:2E+tWthWvWf9BvVVWQ4mWxHD7DiqnajKswzGIAf:T+tWthWiNcGlGswzLAf
                                                                                                                                                                                                                                        MD5:721BAEA26A27134792C5CCC613F212B2
                                                                                                                                                                                                                                        SHA1:2A27DCD2436DF656A8264A949D9CE00EAB4E35E8
                                                                                                                                                                                                                                        SHA-256:5D9767D8CCA0FBFD5801BFF2E0C2ADDDD1BAAAA8175543625609ABCE1A9257BD
                                                                                                                                                                                                                                        SHA-512:9FD6058407AA95058ED2FDA9D391B7A35FA99395EC719B83C5116E91C9B448A6D853ECC731D0BDF448D1436382EECC1FA9101F73FA242D826CC13C4FD881D9BD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.739082809754283
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vdWthW8Wf9BvVVWQ4mWG2P+CjAWqnajKsNt:lWthWJNUP+CcWlGsNt
                                                                                                                                                                                                                                        MD5:B3F887142F40CB176B59E58458F8C46D
                                                                                                                                                                                                                                        SHA1:A05948ABA6F58EB99BBAC54FA3ED0338D40CBFAD
                                                                                                                                                                                                                                        SHA-256:8E015CDF2561450ED9A0773BE1159463163C19EAB2B6976155117D16C36519DA
                                                                                                                                                                                                                                        SHA-512:7B762319EC58E3FCB84B215AE142699B766FA9D5A26E1A727572EE6ED4F5D19C859EFB568C0268846B4AA5506422D6DD9B4854DA2C9B419BFEC754F547203F7E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.601112204637961
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:GFPWthW5Wf9BvVVWQ4mWc0ZD7DiqnajKswzczr:GFPWthWsNiGlGswzq
                                                                                                                                                                                                                                        MD5:89F35CB1212A1FD8FBE960795C92D6E8
                                                                                                                                                                                                                                        SHA1:061AE273A75324885DD098EE1FF4246A97E1E60C
                                                                                                                                                                                                                                        SHA-256:058EB7CE88C22D2FF7D3E61E6593CA4E3D6DF449F984BF251D9432665E1517D1
                                                                                                                                                                                                                                        SHA-512:F9E81F1FEAB1535128B16E9FF389BD3DAAAB8D1DABF64270F9E563BE9D370C023DE5D5306DD0DE6D27A5A099E7C073D17499442F058EC1D20B9D37F56BCFE6D2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14288
                                                                                                                                                                                                                                        Entropy (8bit):6.521808801015781
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:/uUk1Jzb9cKcIzWthWzaWf9BvVVWQ4mWmrcLUVT/gqnajKsrCOV:/bk1JzBcKcIzWthWzXNz1IlGsrCOV
                                                                                                                                                                                                                                        MD5:0C933A4B3C2FCF1F805EDD849428C732
                                                                                                                                                                                                                                        SHA1:B8B19318DBB1D2B7D262527ABD1468D099DE3FB6
                                                                                                                                                                                                                                        SHA-256:A5B733E3DCE21AB62BD4010F151B3578C6F1246DA4A96D51AC60817865648DD3
                                                                                                                                                                                                                                        SHA-512:B25ED54345A5B14E06AA9DADD07B465C14C23225023D7225E04FBD8A439E184A7D43AB40DF80E3F8A3C0F2D5C7A79B402DDC6B9093D0D798E612F4406284E39D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.671157737548847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:7oDfIeVWthWZWf9BvVVWQ4mWaHvP+CjAWqnajKsNZ:7oDfIeVWthWMNVP+CcWlGsNZ
                                                                                                                                                                                                                                        MD5:7E8B61D27A9D04E28D4DAE0BFA0902ED
                                                                                                                                                                                                                                        SHA1:861A7B31022915F26FB49C79AC357C65782C9F4B
                                                                                                                                                                                                                                        SHA-256:1EF06C600C451E66E744B2CA356B7F4B7B88BA2F52EC7795858D21525848AC8C
                                                                                                                                                                                                                                        SHA-512:1C5B35026937B45BEB76CB8D79334A306342C57A8E36CC15D633458582FC8F7D9AB70ACE7A92144288C6C017F33ECFC20477A04432619B40A21C9CDA8D249F6D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.599056003106114
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:gR7WthWTVWf9BvVVWQ4mWg2a5P+CjAWqnajKsNQbWl:gVWthWkN/P+CcWlGsNMg
                                                                                                                                                                                                                                        MD5:8D12FFD920314B71F2C32614CC124FEC
                                                                                                                                                                                                                                        SHA1:251A98F2C75C2E25FFD0580F90657A3EA7895F30
                                                                                                                                                                                                                                        SHA-256:E63550608DD58040304EA85367E9E0722038BA8E7DC7BF9D91C4D84F0EC65887
                                                                                                                                                                                                                                        SHA-512:5084C739D7DE465A9A78BCDBB8A3BD063B84A68DCFD3C9EF1BFA224C1CC06580E2A2523FD4696CFC48E9FD068A2C44DBC794DD9BDB43DC74B4E854C82ECD3EA5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.602527553095181
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:zGeVfcWthW+Wf9BvVVWQ4mWMiSID7DiqnajKswz5g:zGeVfcWthWjN6SIGlGswza
                                                                                                                                                                                                                                        MD5:9FA3FC24186D912B0694A572847D6D74
                                                                                                                                                                                                                                        SHA1:93184E00CBDDACAB7F2AD78447D0EAC1B764114D
                                                                                                                                                                                                                                        SHA-256:91508AB353B90B30FF2551020E9755D7AB0E860308F16C2F6417DFB2E9A75014
                                                                                                                                                                                                                                        SHA-512:95AD31C9082F57EA57F5B4C605331FCAD62735A1862AFB01EF8A67FEA4E450154C1AE0C411CF3AC5B9CD35741F8100409CC1910F69C1B2D807D252389812F594
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.6806369134652055
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:qyMv0WthWPWf9BvVVWQ4mWIv/r+YVqnajKsSF:qyMv0WthWCNBfVlGsSF
                                                                                                                                                                                                                                        MD5:C9CBAD5632D4D42A1BC25CCFA8833601
                                                                                                                                                                                                                                        SHA1:09F37353A89F1BFE49F7508559DA2922B8EFEB05
                                                                                                                                                                                                                                        SHA-256:F3A7A9C98EBE915B1B57C16E27FFFD4DDF31A82F0F21C06FE292878E48F5883E
                                                                                                                                                                                                                                        SHA-512:2412E0AFFDC6DB069DE7BD9666B7BAA1CD76AA8D976C9649A4C2F1FFCE27F8269C9B02DA5FD486EC86B54231B1A5EBF6A1C72790815B7C253FEE1F211086892F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13776
                                                                                                                                                                                                                                        Entropy (8bit):6.573983778839785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:miwidv3V0dfpkXc0vVauzIWthWLN3fVlGsStY:nHdv3VqpkXc0vVaKbiYlY
                                                                                                                                                                                                                                        MD5:4CCDE2D1681217E282996E27F3D9ED2E
                                                                                                                                                                                                                                        SHA1:8EDA134B0294ED35E4BBAC4911DA620301A3F34D
                                                                                                                                                                                                                                        SHA-256:D6708D1254ED88A948871771D6D1296945E1AA3AEB7E33E16CC378F396C61045
                                                                                                                                                                                                                                        SHA-512:93FE6AE9A947AC88CC5ED78996E555700340E110D12B2651F11956DB7CEE66322C269717D31FCCB31744F4C572A455B156B368F08B70EDA9EFFEC6DE01DBAB23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.7137872023984055
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:TtZ3KjWthWzWf9BvVVWQ4mWXU0P+CjAWqnajKsN2v:TtZ3KjWthWeNwP+CcWlGsNa
                                                                                                                                                                                                                                        MD5:E86CFC5E1147C25972A5EEFED7BE989F
                                                                                                                                                                                                                                        SHA1:0075091C0B1F2809393C5B8B5921586BDD389B29
                                                                                                                                                                                                                                        SHA-256:72C639D1AFDA32A65143BCBE016FE5D8B46D17924F5F5190EB04EFE954C1199A
                                                                                                                                                                                                                                        SHA-512:EA58A8D5AA587B7F5BDE74B4D394921902412617100ED161A7E0BEF6B3C91C5DAE657065EA7805A152DD76992997017E070F5415EF120812B0D61A401AA8C110
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12768
                                                                                                                                                                                                                                        Entropy (8bit):6.614330511483598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vgdKIMFYJWthW2Wf9BvVVWQ4SW2zZ7uUgxfzfqnaj0OGWh:0hJWthW7NBzIrloYh
                                                                                                                                                                                                                                        MD5:206ADCB409A1C9A026F7AFDFC2933202
                                                                                                                                                                                                                                        SHA1:BB67E1232A536A4D1AE63370BD1A9B5431335E77
                                                                                                                                                                                                                                        SHA-256:76D8E4ED946DEEFEEFA0D0012C276F0B61F3D1C84AF00533F4931546CBB2F99E
                                                                                                                                                                                                                                        SHA-512:727AA0C4CD1A0B7E2AFFDCED5DA3A0E898E9BAE3C731FF804406AD13864CEE2B27E5BAAC653BAB9A0D2D961489915D4FCAD18557D4383ECB0A066902276955A7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.704366348384627
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:Ha2WthWKOWf9BvVVWQ4mWNOrVT/gqnajKsrCkb:Ha2WthWKTNz1IlGsrCo
                                                                                                                                                                                                                                        MD5:91A2AE3C4EB79CF748E15A58108409AD
                                                                                                                                                                                                                                        SHA1:D402B9DF99723EA26A141BFC640D78EAF0B0111B
                                                                                                                                                                                                                                        SHA-256:B0EDA99EABD32FEFECC478FD9FE7439A3F646A864FDAB4EC3C1F18574B5F8B34
                                                                                                                                                                                                                                        SHA-512:8527AF610C1E2101B6F336A142B1A85AC9C19BB3AF4AD4A245CFB6FD602DC185DA0F7803358067099475102F3A8F10A834DC75B56D3E6DED2ED833C00AD217ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.623077637622405
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:jWthWYWf9BvVVWQ4mWd8l1P+CjAWqnajKsNeCw:jWthW9NnP+CcWlGsNex
                                                                                                                                                                                                                                        MD5:1E4C4C8E643DE249401E954488744997
                                                                                                                                                                                                                                        SHA1:DB1C4C0FC907100F204B21474E8CD2DB0135BC61
                                                                                                                                                                                                                                        SHA-256:F28A8FE2CD7E8E00B6D2EC273C16DB6E6EEA9B6B16F7F69887154B6228AF981E
                                                                                                                                                                                                                                        SHA-512:EF8411FD321C0E363C2E5742312CC566E616D4B0A65EFF4FB6F1B22FDBEA3410E1D75B99E889939FF70AD4629C84CEDC88F6794896428C5F0355143443FDC3A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.643812426159955
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:fSWthWvWf9BvVVWQ4mWFl5P+CjAWqnajKsNifl:aWthWiN+5P+CcWlGsNiN
                                                                                                                                                                                                                                        MD5:FA770BCD70208A479BDE8086D02C22DA
                                                                                                                                                                                                                                        SHA1:28EE5F3CE3732A55CA60AEE781212F117C6F3B26
                                                                                                                                                                                                                                        SHA-256:E677497C1BAEFFFB33A17D22A99B76B7FA7AE7A0C84E12FDA27D9BE5C3D104CF
                                                                                                                                                                                                                                        SHA-512:F8D81E350CEBDBA5AFB579A072BAD7986691E9F3D4C9FEBCA8756B807301782EE6EB5BA16B045CFA29B6E4F4696E0554C718D36D4E64431F46D1E4B1F42DC2B8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15824
                                                                                                                                                                                                                                        Entropy (8bit):6.438848882089563
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:yjQ/w8u4cyNWthWYWf9BvVVWQ4mWhu1BVT/gqnajKsrC74m:8yNWthW9Np1IlGsrCEm
                                                                                                                                                                                                                                        MD5:4EC4790281017E616AF632DA1DC624E1
                                                                                                                                                                                                                                        SHA1:342B15C5D3E34AB4AC0B9904B95D0D5B074447B7
                                                                                                                                                                                                                                        SHA-256:5CF5BBB861608131B5F560CBF34A3292C80886B7C75357ACC779E0BF98E16639
                                                                                                                                                                                                                                        SHA-512:80C4E20D37EFF29C7577B2D0ED67539A9C2C228EDB48AB05D72648A6ED38F5FF537715C130342BEB0E3EF16EB11179B9B484303354A026BDA3A86D5414D24E69
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.6061629057490245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vWOPWthWAWf9BvVVWQ4mWWbgftmP+CjAWqnajKsNURPblh:BWthWFN+f8P+CcWlGsNURzv
                                                                                                                                                                                                                                        MD5:7A859E91FDCF78A584AC93AA85371BC9
                                                                                                                                                                                                                                        SHA1:1FA9D9CAD7CC26808E697373C1F5F32AAF59D6B7
                                                                                                                                                                                                                                        SHA-256:B7EE468F5B6C650DADA7DB3AD9E115A0E97135B3DF095C3220DFD22BA277B607
                                                                                                                                                                                                                                        SHA-512:A368F21ECA765AFCA86E03D59CF953500770F4A5BFF8B86B2AC53F1B5174C627E061CE9A1F781DC56506774E0D0B09725E9698D4DC2D3A59E93DA7EF3D900887
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13776
                                                                                                                                                                                                                                        Entropy (8bit):6.65347762698107
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:WxSnWlC0i5ClWthWTWf9BvVVWQ4mW+hkKVT/gqnajKsrCw/:WxSnWm5ClWthW+NkK1IlGsrCY
                                                                                                                                                                                                                                        MD5:972544ADE7E32BFDEB28B39BC734CDEE
                                                                                                                                                                                                                                        SHA1:87816F4AFABBDEC0EC2CFEB417748398505C5AA9
                                                                                                                                                                                                                                        SHA-256:7102F8D9D0F3F689129D7FE071B234077FBA4DD3687071D1E2AEAA137B123F86
                                                                                                                                                                                                                                        SHA-512:5E1131B405E0C7A255B1C51073AFF99E2D5C0D28FD3E55CABC04D463758A575A954008EA1BA5B4E2B345B49AF448B93AD21DFC4A01573B3CB6E7256D9ECCEEF1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.58394079658593
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:YFY17aFBRQWthWIWf9BvVVWQ4mWHhOP+CjAWqnajKsNngJ:YQtWthWNNdP+CcWlGsNI
                                                                                                                                                                                                                                        MD5:8906279245F7385B189A6B0B67DF2D7C
                                                                                                                                                                                                                                        SHA1:FCF03D9043A2DAAFE8E28DEE0B130513677227E4
                                                                                                                                                                                                                                        SHA-256:F5183B8D7462C01031992267FE85680AB9C5B279BEDC0B25AB219F7C2184766F
                                                                                                                                                                                                                                        SHA-512:67CAC89AE58CC715976107F3BDF279B1E78945AFD07E6F657E076D78E92EE1A98E3E7B8FEAE295AF5CE35E00C804F3F53A890895BADB1EED32377D85C21672B9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.696904963591775
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:m8qWthWLWf9BvVVWQ4WWLXlyBZr+YVqnajKsS1:mlWthWWN0uZfVlGsS1
                                                                                                                                                                                                                                        MD5:DD8176E132EEDEA3322443046AC35CA2
                                                                                                                                                                                                                                        SHA1:D13587C7CC52B2C6FBCAA548C8ED2C771A260769
                                                                                                                                                                                                                                        SHA-256:2EB96422375F1A7B687115B132A4005D2E7D3D5DC091FB0EB22A6471E712848E
                                                                                                                                                                                                                                        SHA-512:77CB8C44C8CC8DD29997FBA4424407579AC91176482DB3CF7BC37E1F9F6AA4C4F5BA14862D2F3A9C05D1FDD7CA5A043B5F566BD0E9A9E1ED837DA9C11803B253
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):6.216554714002396
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:rQM4Oe59Ckb1hgmLRWthW0N0JBJ1IlGsrC5W:sMq59Bb1jYNABHJc
                                                                                                                                                                                                                                        MD5:A6A3D6D11D623E16866F38185853FACD
                                                                                                                                                                                                                                        SHA1:FBEADD1E9016908ECCE5753DE1D435D6FCF3D0B5
                                                                                                                                                                                                                                        SHA-256:A768339F0B03674735404248A039EC8591FCBA6FF61A3C6812414537BADD23B0
                                                                                                                                                                                                                                        SHA-512:ABBF32CEB35E5EC6C1562F9F3B2652B96B7DBD97BFC08D918F987C0EC0503E8390DD697476B2A2389F0172CD8CF16029FD2EC5F32A9BA3688BF2EBEEFB081B2C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.604643094751227
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:uFdyqjd7NWthWxWf9BvVVWQ4mW+JZD7DiqnajKswzR1:YQsWthWkNfZGlGswzR1
                                                                                                                                                                                                                                        MD5:074B81A625FB68159431BB556D28FAB5
                                                                                                                                                                                                                                        SHA1:20F8EAD66D548CFA861BC366BB1250CED165BE24
                                                                                                                                                                                                                                        SHA-256:3AF38920E767BD9EBC08F88EAF2D08C748A267C7EC60EAB41C49B3F282A4CF65
                                                                                                                                                                                                                                        SHA-512:36388C3EFFA0D94CF626DECAA1DA427801CC5607A2106ABDADF92252C6F6FD2CE5BF0802F5D0A4245A1FFDB4481464C99D60510CF95E83EBAF17BD3D6ACBC3DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16336
                                                                                                                                                                                                                                        Entropy (8bit):6.449023660091811
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:eUW9MPrpJhhf4AN5/KihWthWBWf9BvVVWQ4mWRXwsD7DiqnajKswzK:eUZr7HWthWUNkGlGswzK
                                                                                                                                                                                                                                        MD5:F1A23C251FCBB7041496352EC9BCFFBE
                                                                                                                                                                                                                                        SHA1:BE4A00642EC82465BC7B3D0CC07D4E8DF72094E8
                                                                                                                                                                                                                                        SHA-256:D899C2F061952B3B97AB9CDBCA2450290B0F005909DDD243ED0F4C511D32C198
                                                                                                                                                                                                                                        SHA-512:31F8C5CD3B6E153073E2E2EDF0CA8072D0F787784F1611A57219349C1D57D6798A3ADBD6942B0F16CEF781634DD8691A5EC0B506DF21B24CB70AEE5523A03FD9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17872
                                                                                                                                                                                                                                        Entropy (8bit):6.3934828478655685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18384
                                                                                                                                                                                                                                        Entropy (8bit):6.279474608881223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14288
                                                                                                                                                                                                                                        Entropy (8bit):6.547753630184197
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.686357863452704
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1332263
                                                                                                                                                                                                                                        Entropy (8bit):5.5864676354018465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):290282
                                                                                                                                                                                                                                        Entropy (8bit):6.048183244201235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.674392865869017
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):122880
                                                                                                                                                                                                                                        Entropy (8bit):5.917175475547778
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                                                                                                        MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                                                                                                        SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                                                                                                        SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                                                                                                        SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4
                                                                                                                                                                                                                                        Entropy (8bit):1.5
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Mn:M
                                                                                                                                                                                                                                        MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                        SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                        SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                        SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:pip.
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):197
                                                                                                                                                                                                                                        Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                        MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                        SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                        SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                        SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11360
                                                                                                                                                                                                                                        Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                        MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                        SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                        SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                        SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1532
                                                                                                                                                                                                                                        Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                        MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                        SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                        SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                        SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5292
                                                                                                                                                                                                                                        Entropy (8bit):5.115440205505611
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:DxapqZink/QIHQIyzQIZQILuQIR8vtklGovxNx6sWwCvCCcTKvIrrg9BMM6VwDjz:sJnkoBs/sqLz8cTKvIrrUiM6VwDjyeWs
                                                                                                                                                                                                                                        MD5:137D13F917D94C83137A0FA5AE12B467
                                                                                                                                                                                                                                        SHA1:01E93402C225BF2A4EE59F9A06F8062CB5E4801E
                                                                                                                                                                                                                                        SHA-256:36738E6971D2F20DB78433185A0EF7912A48544AA6FF7006505A7DC785158859
                                                                                                                                                                                                                                        SHA-512:1B22CBC6E22FA5E2BD5CC4A370443A342D00E7DD53330A4000E9A680DE80262BCA7188764E3568944D01025188291602AC8C53C971630984FBD9FA7D75AAB124
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Metadata-Version: 2.1..Name: cryptography..Version: 41.0.7..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15334
                                                                                                                                                                                                                                        Entropy (8bit):5.552806309785179
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3X62U/ZfaigdSwJN5i6s7B0Ppzx6uvndLE4:3NUxfzgFthE4
                                                                                                                                                                                                                                        MD5:D88787EC6163B4F45579EA7CF7F56044
                                                                                                                                                                                                                                        SHA1:B241754AF16F5B2523DE1D07520DADB5ABA559BA
                                                                                                                                                                                                                                        SHA-256:E5265DE4206BAB1FB0C96212067AA1EB479C85AB0495B915938DDB365B0C948D
                                                                                                                                                                                                                                        SHA-512:F4F1C213458AC42A3417A870F7C6D2A125950F588C76F8A83D605242ABBDBCC2CBE70CA49A700710AA23AC143F2702963DEA48043C5CA86FBF0D3CE07126C696
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:cryptography-41.0.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-41.0.7.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-41.0.7.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-41.0.7.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-41.0.7.dist-info/METADATA,sha256=NnOOaXHS8g23hDMYWg73kSpIVEqm_3AGUFp9x4UViFk,5292..cryptography-41.0.7.dist-info/RECORD,,..cryptography-41.0.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-41.0.7.dist-info/WHEEL,sha256=-EX5DQzNGQEoyL99Q-0P0-D-CXbfqafenaAeiSQ_Ufk,100..cryptography-41.0.7.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=uPXMbbcptt7EzZ_jllGRx0pVdMn-NBsAM4L74hOv-b0,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/_
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):100
                                                                                                                                                                                                                                        Entropy (8bit):5.0203365408149025
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:RtEeX7MWcSlVlbY3KgP+tkKc/SKQLn:RtBMwlVCxWKxDQLn
                                                                                                                                                                                                                                        MD5:4B432A99682DE414B29A683A3546B69F
                                                                                                                                                                                                                                        SHA1:F59C5016889EE5E9F62D09B22AEFBC2211A56C93
                                                                                                                                                                                                                                        SHA-256:F845F90D0CCD190128C8BF7D43ED0FD3E0FE0976DFA9A7DE9DA01E89243F51F9
                                                                                                                                                                                                                                        SHA-512:CBBF10E19B6F4072C416EA95D7AE259B9C5A1B89068B7B6660B7C637D6F2437AEA8D8202A2E26A0BEC36DAECD8BBB6B59016FC2DDEB13C545F0868B3E15479CA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.42.0).Root-Is-Purelib: false.Tag: cp37-abi3-win_amd64..
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                        Entropy (8bit):3.2389012566026314
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:cOv:Nv
                                                                                                                                                                                                                                        MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                                                                                        SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                                                                                        SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                                                                                        SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:cryptography.
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6673920
                                                                                                                                                                                                                                        Entropy (8bit):6.582002531606852
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
                                                                                                                                                                                                                                        MD5:486085AAC7BB246A173CEEA0879230AF
                                                                                                                                                                                                                                        SHA1:EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
                                                                                                                                                                                                                                        SHA-256:C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
                                                                                                                                                                                                                                        SHA-512:8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5191960
                                                                                                                                                                                                                                        Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                                        MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                                        SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                                        SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                                        SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):39696
                                                                                                                                                                                                                                        Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                        MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                        SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                        SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                        SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):787224
                                                                                                                                                                                                                                        Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                                        MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                                        SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                                        SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                                        SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                                                                        Entropy (8bit):5.90551713971002
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ZhseNxkc7Xva0Y420G1UD+dS4gBeLmRy:Z1kcbi0Y42bUD+dS4oeiRy
                                                                                                                                                                                                                                        MD5:01F9D30DD889A3519E3CA93FE6EFEE70
                                                                                                                                                                                                                                        SHA1:EBF55ADBD8CD938C4C11D076203A3E54D995AEFF
                                                                                                                                                                                                                                        SHA-256:A66444A08A8B9CEAFA05DAEFEB32AA1E65C8009A3C480599F648FA52A20AFB7D
                                                                                                                                                                                                                                        SHA-512:76FED302D62BB38A39E0BF6C9038730E83B6AFFFA2F36E7A62B85770D4847EA6C688098061945509A1FDB799FB7F5C88699F94E7DA1934F88A9C3B6A433EE9EF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):199448
                                                                                                                                                                                                                                        Entropy (8bit):6.385263095268062
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:gP9/HQAYp/8IdzL37lqrEJesY7p7Ndrjt8HWcFwUT6ZIALhNn6:opFYp/vdzL3pqrEJ2xDrJ8DdT6A
                                                                                                                                                                                                                                        MD5:F179C9BDD86A2A218A5BF9F0F1CF6CD9
                                                                                                                                                                                                                                        SHA1:4544FB23D56CC76338E7F71F12F58C5FE89D0D76
                                                                                                                                                                                                                                        SHA-256:C42874E2CF034FB5034F0BE35F7592B8A96E8903218DA42E6650C504A85B37CC
                                                                                                                                                                                                                                        SHA-512:3464ECE5C6A0E95EF6136897B70A96C69E552D28BFEDD266F13EEC840E36EC2286A1FB8973B212317DE6FE3E93D7D7CC782EB6FC3D6A2A8F006B34F6443498DE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):68376
                                                                                                                                                                                                                                        Entropy (8bit):6.14896460878624
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:LV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/u:LDmF61JFn+/OHZIAL0R7SyHxy
                                                                                                                                                                                                                                        MD5:6271A2FE61978CA93E60588B6B63DEB2
                                                                                                                                                                                                                                        SHA1:BE26455750789083865FE91E2B7A1BA1B457EFB8
                                                                                                                                                                                                                                        SHA-256:A59487EA2C8723277F4579067248836B216A801C2152EFB19AFEE4AC9785D6FB
                                                                                                                                                                                                                                        SHA-512:8C32BCB500A94FF47F5EF476AE65D3B677938EBEE26E80350F28604AAEE20B044A5D55442E94A11CCD9962F34D22610B932AC9D328197CF4D2FFBC7DF640EFBA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7009048
                                                                                                                                                                                                                                        Entropy (8bit):5.7826778751744685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:mz0oCxOqKWneF3o1VLCClOTNRpaOviXEYWyb3eOYTvuFsx/iac84YNFXiTlv5WF4:mooCcqKLHX+az2Ro8Kv7HDMiEB/
                                                                                                                                                                                                                                        MD5:550288A078DFFC3430C08DA888E70810
                                                                                                                                                                                                                                        SHA1:01B1D31F37FB3FD81D893CC5E4A258E976F5884F
                                                                                                                                                                                                                                        SHA-256:789A42AC160CEF98F8925CB347473EEEB4E70F5513242E7FABA5139BA06EDF2D
                                                                                                                                                                                                                                        SHA-512:7244432FC3716F7EF27630D4E8FBC8180A2542AA97A01D44DCA260AB43966DD8AC98B6023400B0478A4809AACE1A128F1F4D6E544F2E591A5B436FD4C8A9D723
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):134656
                                                                                                                                                                                                                                        Entropy (8bit):5.9953900911096785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Yuh2G0a2fYrFceQaVK756Y/r06trvoEKQAe7KL8KJKVKGajt4:Yuh2faiYrFceQaVfY/rxTBAe7KwKwVrE
                                                                                                                                                                                                                                        MD5:26D752C8896B324FFD12827A5E4B2808
                                                                                                                                                                                                                                        SHA1:447979FA03F78CB7210A4E4BA365085AB2F42C22
                                                                                                                                                                                                                                        SHA-256:BD33548DBDBB178873BE92901B282BAD9C6817E3EAC154CA50A666D5753FD7EC
                                                                                                                                                                                                                                        SHA-512:99C87AB9920E79A03169B29A2F838D568CA4D4056B54A67BC51CAF5C0FF5A4897ED02533BA504F884C6F983EBC400743E6AD52AC451821385B1E25C3B1EBCEE0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30488
                                                                                                                                                                                                                                        Entropy (8bit):6.582548725691534
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:b9yLTFInPLnIdHqp3DT90IZIAQGyHQIYiSy1pCQ273bAM+o/8E9VF0Nypyn4:6inzUHqN1rZIAQGo5YiSyvUrAMxkEjh
                                                                                                                                                                                                                                        MD5:8A273F518973801F3C63D92AD726EC03
                                                                                                                                                                                                                                        SHA1:069FC26B9BD0F6EA3F9B3821AD7C812FD94B021F
                                                                                                                                                                                                                                        SHA-256:AF358285A7450DE6E2E5E7FF074F964D6A257FB41D9EB750146E03C7DDA503CA
                                                                                                                                                                                                                                        SHA-512:7FEDAE0573ECB3946EDE7D0B809A98ACAD3D4C95D6C531A40E51A31BDB035BADC9F416D8AAA26463784FF2C5E7A0CC2C793D62B5FDB2B8E9FAD357F93D3A65F8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1500440
                                                                                                                                                                                                                                        Entropy (8bit):6.5886408023548295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:ATqtyGkxOc+wv05tP5kf82Hr/74YPF5o/P/gnAracr7/24UcypY7w0vpZUFq++I:nk0jwv4tP5kf8ar/74EF2/An4acrVUc2
                                                                                                                                                                                                                                        MD5:31CD2695493E9B0669D7361D92D46D94
                                                                                                                                                                                                                                        SHA1:19C1BC5C3856665ECA5390A2F9CD59B564C0139B
                                                                                                                                                                                                                                        SHA-256:17D547994008F1626BE2877497912687CB3EBD9A407396804310FD12C85AEAD4
                                                                                                                                                                                                                                        SHA-512:9DD8D1B900999E8CEA91F3D5F3F72D510F9CC28D7C6768A4046A9D2AA9E78A6ACE1248EC9574F5F6E53A6F1BDBFDF153D9BF73DBA05788625B03398716C87E1C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1035728
                                                                                                                                                                                                                                        Entropy (8bit):6.630126944065657
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:EsKxVJ/pRRK0Y/9fCrl4NbpjONcncXEomxvSZX0yp49C:lKxDPHQCrlQBXxw
                                                                                                                                                                                                                                        MD5:849959A003FA63C5A42AE87929FCD18B
                                                                                                                                                                                                                                        SHA1:D1B80B3265E31A2B5D8D7DA6183146BBD5FB791B
                                                                                                                                                                                                                                        SHA-256:6238CBFE9F57C142B75E153C399C478D492252FDA8CB40EE539C2DCB0F2EB232
                                                                                                                                                                                                                                        SHA-512:64958DABDB94D21B59254C2F074DB5D51E914DDBC8437452115DFF369B0C134E50462C3FDBBC14B6FA809A6EE19AB2FB83D654061601CC175CDDCB7D74778E09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1137944
                                                                                                                                                                                                                                        Entropy (8bit):5.462202215180296
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:hrEHdcM6hbFCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciFt:hrEXYCjfk7bPNfv42BN6yzUiFt
                                                                                                                                                                                                                                        MD5:04F35D7EEC1F6B72BAB9DAF330FD0D6B
                                                                                                                                                                                                                                        SHA1:ECF0C25BA7ADF7624109E2720F2B5930CD2DBA65
                                                                                                                                                                                                                                        SHA-256:BE942308D99CC954931FE6F48ED8CC7A57891CCBE99AAE728121BCDA1FD929AB
                                                                                                                                                                                                                                        SHA-512:3DA405E4C1371F4B265E744229DCC149491A112A2B7EA8E518D5945F8C259CAD15583F25592B35EC8A344E43007AE00DA9673822635EE734D32664F65C9C8D9B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):133632
                                                                                                                                                                                                                                        Entropy (8bit):5.851293297484796
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bPwB2zC1vwC3XetCf5RlRVFhLaNKPRyymoh5Lm9b0e:bIB2zkvwGXetCfDlRVlPRy85Lm9
                                                                                                                                                                                                                                        MD5:3A80FEA23A007B42CEF8E375FC73AD40
                                                                                                                                                                                                                                        SHA1:04319F7552EA968E2421C3936C3A9EE6F9CF30B2
                                                                                                                                                                                                                                        SHA-256:B70D69D25204381F19378E1BB35CC2B8C8430AA80A983F8D0E8E837050BB06EF
                                                                                                                                                                                                                                        SHA-512:A63BED03F05396B967858902E922B2FBFB4CF517712F91CFAA096FF0539CF300D6B9C659FFEE6BF11C28E79E23115FD6B9C0B1AA95DB1CBD4843487F060CCF40
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):123904
                                                                                                                                                                                                                                        Entropy (8bit):5.966619585818369
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:07jbPA0SD9S3vrCqf93qMHxCjdLZn1Ya:07jtS9SfuCRCjFV
                                                                                                                                                                                                                                        MD5:47C91C74BB2C5CF696626AF04F3705AB
                                                                                                                                                                                                                                        SHA1:C086BC2825969756169FAB7DD2E560D360E1E09C
                                                                                                                                                                                                                                        SHA-256:F6EAD250FC2DE4330BD26079A44DED7F55172E05A70E28AD85D09E7881725155
                                                                                                                                                                                                                                        SHA-512:E6B6A4425B3E30CEA7BF8B09971FA0C84D6317B1A37BC1518266DC8D72C166099A8FC40A9B985300901BD921E444FF438FD30B814C1F1C6A051DF3471615C2BD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Entropy (8bit):7.996693571650521
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                        File name:I6H1RkEHlX.exe
                                                                                                                                                                                                                                        File size:17'569'542 bytes
                                                                                                                                                                                                                                        MD5:abd3f9b48295537473af63572c5f91d3
                                                                                                                                                                                                                                        SHA1:d676386a31327f0272f4713e7d1be1cbef7c0ce3
                                                                                                                                                                                                                                        SHA256:75f46aa95a621f2353b7539cad97e52d52206faf3819fe574a9fe539b471f7fa
                                                                                                                                                                                                                                        SHA512:40909082a0009aedbe2ea53c7918c0b8545b1d5ea3e7e2f001d4aeec03f4aaf36d7d39c78d03bc38271f25656486bffc914ce372017a9527898d22d9d75f0c6a
                                                                                                                                                                                                                                        SSDEEP:393216:uEkZgf8fdntpUTLfhJe1+TtIiFyuvB5IjWqJ6eoWez1HGwFXiWCR:uRbFHUTLJE1QtItS3ILJ6e/UGhVR
                                                                                                                                                                                                                                        TLSH:94073306B3502CB1D2D152776266856E6F73B8949370CB8F03F921952F9F3624E3AE72
                                                                                                                                                                                                                                        Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                                        Entrypoint:0x14000c1f0
                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                        Time Stamp:0x65CBF33A [Tue Feb 13 22:54:50 2024 UTC]
                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                        OS Version Minor:2
                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                        File Version Minor:2
                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                        Subsystem Version Minor:2
                                                                                                                                                                                                                                        Import Hash:1af6c885af093afc55142c2f1761dbe8
                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        sub esp, 28h
                                                                                                                                                                                                                                        call 00007FE420FAC1BCh
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        add esp, 28h
                                                                                                                                                                                                                                        jmp 00007FE420FABDCFh
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        int3
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        sub esp, 28h
                                                                                                                                                                                                                                        call 00007FE420FAC734h
                                                                                                                                                                                                                                        test eax, eax
                                                                                                                                                                                                                                        je 00007FE420FABF73h
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        mov eax, dword ptr [00000030h]
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                                                                        jmp 00007FE420FABF57h
                                                                                                                                                                                                                                        dec eax
                                                                                                                                                                                                                                        cmp ecx, eax
                                                                                                                                                                                                                                        je 00007FE420FABF66h
                                                                                                                                                                                                                                        xor eax, eax
dec eax
cmpxchg dword ptr [0003427Ch], ecx
jne 00007FE420FABF40h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007FE420FABF49h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
movzx eax, byte ptr [00034267h]
test ecx, ecx
mov ebx, 00000001h
cmove eax, ebx
mov byte ptr [00034257h], al
call 00007FE420FAC533h
call 00007FE420FAD652h
test al, al
jne 00007FE420FABF56h
xor al, al
jmp 00007FE420FABF66h
call 00007FE420FBA5F1h
test al, al
jne 00007FE420FABF5Bh
xor ecx, ecx
call 00007FE420FAD662h
jmp 00007FE420FABF3Ch
mov al, bl
dec eax
add esp, 20h
pop ebx
ret
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [0003421Ch], 00000000h
mov ebx, ecx
jne 00007FE420FABFB9h
cmp ecx, 01h
jnbe 00007FE420FABFBCh
call 00007FE420FAC69Ah
test eax, eax
je 00007FE420FABF7Ah

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3cdcc | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0xf41c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x42000 | 0x22a4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0x75c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a330 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a1f0 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x420 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29c90 | 0x29e00 | 62616acf257019688180f494b4eb78d4 | False | 0.5523087686567164 | data | 6.4831047330596565 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12bf4 | 0x12c00 | dd03b29edd31623297c026c8e27aef79 | False | 0.5184375 | data | 5.835033041975148 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x3338 | 0xe00 | 99d84572872f2ce8d9bdbc2521e1966e | False | 0.1328125 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, text, rows 4294967295, columns 0 | 1.8271683819747706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x42000 | 0x22a4 | 0x2400 | 39f0a7d8241a665fc55289b5f9977819 | False | 0.4720052083333333 | data | 5.316391891279308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x45000 | 0x15c | 0x200 | 624222957a635749731104f8cdf6f9b7 | False | 0.38671875 | data | 2.83326547900447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x46000 | 0xf41c | 0xf600 | c654ab5a3bc06ebf8c554f36c31153c0 | False | 0.8030837144308943 | data | 7.554967714213712 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x56000 | 0x75c | 0x800 | 4138d4447f190c2657ec208ef31be551 | False | 0.5458984375 | data | 5.240127521097618 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x46208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388
RT_ICON | 0x470b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098
RT_ICON | 0x47958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208
RT_ICON | 0x47ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757
RT_ICON | 0x513ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253
RT_ICON | 0x53994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017
RT_ICON | 0x54a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638
RT_GROUP_ICON | 0x54ea4 | 0x68 | data | | | 0.7019230769230769
RT_MANIFEST | 0x54f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | IsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 9, 2024 09:54:42.070311069 CET | 49705 | 443 | 192.168.2.5 | 44.196.3.45
Dec 9, 2024 09:54:42.070373058 CET | 443 | 49705 | 44.196.3.45 | 192.168.2.5
Dec 9, 2024 09:54:42.070483923 CET | 49705 | 443 | 192.168.2.5 | 44.196.3.45
Dec 9, 2024 09:54:43.762428999 CET | 49705 | 443 | 192.168.2.5 | 44.196.3.45
Dec 9, 2024 09:54:43.762473106 CET | 443 | 49705 | 44.196.3.45 | 192.168.2.5
Dec 9, 2024 09:54:45.532071114 CET | 443 | 49705 | 44.196.3.45 | 192.168.2.5
Dec 9, 2024 09:54:45.532887936 CET | 49705 | 443 | 192.168.2.5 | 44.196.3.45
Dec 9, 2024 09:54:45.532918930 CET | 443 | 49705 | 44.196.3.45 | 192.168.2.5
Dec 9, 2024 09:54:45.534251928 CET | 443 | 49705 | 44.196.3.45 | 192.168.2.5
Dec 9, 2024 09:54:45.534338951 CET | 49705 | 443 | 192.168.2.5 | 44.196.3.45
Dec 9, 2024 09:54:45.535670042 CET | 49705 | 443 | 192.168.2.5 | 44.196.3.45
Dec 9, 2024 09:54:45.535825968 CET | 49705 | 443 | 192.168.2.5 | 44.196.3.45
Dec 9, 2024 09:54:45.535832882 CET | 443 | 49705 | 44.196.3.45 | 192.168.2.5
Dec 9, 2024 09:54:45.535919905 CET | 49705 | 443 | 192.168.2.5 | 44.196.3.45

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 9, 2024 09:54:41.765176058 CET | 65365 | 53 | 192.168.2.5 | 1.1.1.1
Dec 9, 2024 09:54:42.051568031 CET | 53 | 65365 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 9, 2024 09:54:41.765176058 CET | 192.168.2.5 | 1.1.1.1 | 0xe523 | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 9, 2024 09:54:42.051568031 CET | 1.1.1.1 | 192.168.2.5 | 0xe523 | No error (0) | httpbin.org | | 44.196.3.45 | A (IP address) | IN (0x0001) | false
Dec 9, 2024 09:54:42.051568031 CET | 1.1.1.1 | 192.168.2.5 | 0xe523 | No error (0) | httpbin.org | | 34.224.200.202 | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:03:54:35
                                                                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\I6H1RkEHlX.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff6b3bc0000
                                                                                                                                                                                                                                        File size:17'569'542 bytes
                                                                                                                                                                                                                                        MD5 hash:ABD3F9B48295537473AF63572C5F91D3
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                                        Start time:03:54:39
                                                                                                                                                                                                                                        Start date:09/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\I6H1RkEHlX.exe"
                                                                                                                                                                                                                                        Imagebase:0x7ff6b3bc0000
                                                                                                                                                                                                                                        File size:17'569'542 bytes
                                                                                                                                                                                                                                        MD5 hash:ABD3F9B48295537473AF63572C5F91D3
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false


                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:10.4%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:18.5%
                                                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                                                          Total number of Limit Nodes:28
16043->16044 16045 7ff6b3bde517 16044->16045 16045->15963 16046 7ff6b3bde5a3 16048 7ff6b3bdaa3c __std_exception_copy 37 API calls 16046->16048 16047->16046 16049 7ff6b3bd4900 45 API calls 16047->16049 16052 7ff6b3bde5e5 memcpy_s 16048->16052 16049->16046 16050 7ff6b3bdaec4 _wfindfirst32i64 17 API calls 16051 7ff6b3bde690 16050->16051 16052->16050 16055 7ff6b3be04ec WideCharToMultiByte 16053->16055 16057 7ff6b3bd0e93 16056->16057 16058 7ff6b3bd0e81 16056->16058 16061 7ff6b3bd0ea0 16057->16061 16064 7ff6b3bd0edd 16057->16064 16059 7ff6b3bd54c4 _findclose 11 API calls 16058->16059 16060 7ff6b3bd0e86 16059->16060 16062 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16060->16062 16063 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16061->16063 16069 7ff6b3bd0e91 16062->16069 16063->16069 16065 7ff6b3bd0f86 16064->16065 16066 7ff6b3bd54c4 _findclose 11 API calls 16064->16066 16067 7ff6b3bd54c4 _findclose 11 API calls 16065->16067 16065->16069 16070 7ff6b3bd0f7b 16066->16070 16068 7ff6b3bd1030 16067->16068 16071 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16068->16071 16069->15756 16072 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16070->16072 16071->16069 16072->16065 16074 7ff6b3bddf91 16073->16074 16075 7ff6b3bd493f 16073->16075 16074->16075 16081 7ff6b3be3974 16074->16081 16077 7ff6b3bddfe4 16075->16077 16078 7ff6b3bd494f 16077->16078 16079 7ff6b3bddffd 16077->16079 16078->15756 16079->16078 16125 7ff6b3be2cc0 16079->16125 16093 7ff6b3bdb710 GetLastError 16081->16093 16084 7ff6b3be39ce 16084->16075 16094 7ff6b3bdb734 FlsGetValue 16093->16094 16095 7ff6b3bdb751 FlsSetValue 16093->16095 16096 7ff6b3bdb74b 16094->16096 16112 7ff6b3bdb741 16094->16112 16097 7ff6b3bdb763 16095->16097 16095->16112 16096->16095 16099 7ff6b3bdf158 _findclose 11 API calls 16097->16099 16098 7ff6b3bdb7bd SetLastError 16100 7ff6b3bdb7ca 16098->16100 16101 7ff6b3bdb7dd 16098->16101 16102 7ff6b3bdb772 16099->16102 16100->16084 16115 7ff6b3be0cb8 EnterCriticalSection 
16100->16115 16116 7ff6b3bdaa9c 16101->16116 16104 7ff6b3bdb790 FlsSetValue 16102->16104 16105 7ff6b3bdb780 FlsSetValue 16102->16105 16108 7ff6b3bdb7ae 16104->16108 16109 7ff6b3bdb79c FlsSetValue 16104->16109 16107 7ff6b3bdb789 16105->16107 16110 7ff6b3bdaf0c __free_lconv_num 11 API calls 16107->16110 16111 7ff6b3bdb4b8 _findclose 11 API calls 16108->16111 16109->16107 16110->16112 16113 7ff6b3bdb7b6 16111->16113 16112->16098 16114 7ff6b3bdaf0c __free_lconv_num 11 API calls 16113->16114 16114->16098 16117 7ff6b3be3cc0 ExFilterRethrow EnterCriticalSection LeaveCriticalSection 16116->16117 16118 7ff6b3bdaaa5 16117->16118 16119 7ff6b3bdaab4 16118->16119 16120 7ff6b3be3d10 ExFilterRethrow 44 API calls 16118->16120 16121 7ff6b3bdaabd IsProcessorFeaturePresent 16119->16121 16122 7ff6b3bdaae7 ExFilterRethrow 16119->16122 16120->16119 16123 7ff6b3bdaacc 16121->16123 16124 7ff6b3bdabd8 _wfindfirst32i64 14 API calls 16123->16124 16124->16122 16126 7ff6b3bdb710 ExFilterRethrow 45 API calls 16125->16126 16127 7ff6b3be2cc9 16126->16127 16135 7ff6b3bd536c EnterCriticalSection 16128->16135 16137 7ff6b3bc28ac 16136->16137 16138 7ff6b3bd4ac4 49 API calls 16137->16138 16139 7ff6b3bc28fd 16138->16139 16140 7ff6b3bd54c4 _findclose 11 API calls 16139->16140 16141 7ff6b3bc2902 16140->16141 16155 7ff6b3bd54e4 16141->16155 16144 7ff6b3bc1ef0 49 API calls 16145 7ff6b3bc2931 __scrt_get_show_window_mode 16144->16145 16146 7ff6b3bc8ae0 57 API calls 16145->16146 16147 7ff6b3bc2966 16146->16147 16148 7ff6b3bc29a3 MessageBoxA 16147->16148 16149 7ff6b3bc296b 16147->16149 16151 7ff6b3bc29bd 16148->16151 16150 7ff6b3bc8ae0 57 API calls 16149->16150 16152 7ff6b3bc2985 MessageBoxW 16150->16152 16153 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16151->16153 16152->16151 16154 7ff6b3bc29cd 16153->16154 16154->15428 16156 7ff6b3bdb888 _findclose 11 API calls 16155->16156 16157 7ff6b3bd54fb 16156->16157 16158 7ff6b3bdf158 _findclose 11 API calls 16157->16158 16161 7ff6b3bd553b 16157->16161 16164 
7ff6b3bc2909 16157->16164 16159 7ff6b3bd5530 16158->16159 16160 7ff6b3bdaf0c __free_lconv_num 11 API calls 16159->16160 16160->16161 16161->16164 16167 7ff6b3bdf828 16161->16167 16164->16144 16165 7ff6b3bdaec4 _wfindfirst32i64 17 API calls 16166 7ff6b3bd5580 16165->16166 16172 7ff6b3bdf845 16167->16172 16168 7ff6b3bdf84a 16169 7ff6b3bd54c4 _findclose 11 API calls 16168->16169 16170 7ff6b3bd5561 16168->16170 16171 7ff6b3bdf854 16169->16171 16170->16164 16170->16165 16173 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16171->16173 16172->16168 16172->16170 16174 7ff6b3bdf894 16172->16174 16173->16170 16174->16170 16175 7ff6b3bd54c4 _findclose 11 API calls 16174->16175 16175->16171 16177 7ff6b3bc8c82 WideCharToMultiByte 16176->16177 16178 7ff6b3bc8c14 WideCharToMultiByte 16176->16178 16179 7ff6b3bc8caf 16177->16179 16186 7ff6b3bc3f25 16177->16186 16180 7ff6b3bc8c55 16178->16180 16181 7ff6b3bc8c3e 16178->16181 16182 7ff6b3bc29e0 57 API calls 16179->16182 16180->16177 16184 7ff6b3bc8c6b 16180->16184 16183 7ff6b3bc29e0 57 API calls 16181->16183 16182->16186 16183->16186 16185 7ff6b3bc29e0 57 API calls 16184->16185 16185->16186 16186->15438 16186->15439 16188 7ff6b3bda9b3 16187->16188 16191 7ff6b3bc7bde 16187->16191 16189 7ff6b3bdaa3c __std_exception_copy 37 API calls 16188->16189 16188->16191 16190 7ff6b3bda9e0 16189->16190 16190->16191 16192 7ff6b3bdaec4 _wfindfirst32i64 17 API calls 16190->16192 16191->15455 16193 7ff6b3bdaa10 16192->16193 16195 7ff6b3bc3fd0 116 API calls 16194->16195 16196 7ff6b3bc1ad6 16195->16196 16197 7ff6b3bc1c84 16196->16197 16199 7ff6b3bc82b0 83 API calls 16196->16199 16198 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16197->16198 16200 7ff6b3bc1c98 16198->16200 16201 7ff6b3bc1b0e 16199->16201 16200->15474 16227 7ff6b3bc3e40 16200->16227 16225 7ff6b3bc1b3f 16201->16225 16233 7ff6b3bd0814 16201->16233 16203 7ff6b3bd018c 74 API calls 16203->16197 16204 7ff6b3bc1b28 16205 7ff6b3bc1b44 16204->16205 16206 7ff6b3bc1b2c 16204->16206 16237 
7ff6b3bd04dc 16205->16237 16207 7ff6b3bc2890 59 API calls 16206->16207 16207->16225 16210 7ff6b3bc1b5f 16212 7ff6b3bc2890 59 API calls 16210->16212 16211 7ff6b3bc1b77 16213 7ff6b3bd0814 73 API calls 16211->16213 16212->16225 16214 7ff6b3bc1bc4 16213->16214 16215 7ff6b3bc1bee 16214->16215 16216 7ff6b3bc1bd6 16214->16216 16218 7ff6b3bd04dc _fread_nolock 53 API calls 16215->16218 16217 7ff6b3bc2890 59 API calls 16216->16217 16217->16225 16219 7ff6b3bc1c03 16218->16219 16220 7ff6b3bc1c1e 16219->16220 16221 7ff6b3bc1c09 16219->16221 16240 7ff6b3bd0250 16220->16240 16222 7ff6b3bc2890 59 API calls 16221->16222 16222->16225 16225->16203 16226 7ff6b3bc2b30 59 API calls 16226->16225 16228 7ff6b3bc1ef0 49 API calls 16227->16228 16229 7ff6b3bc3e5d 16228->16229 16229->15475 16231 7ff6b3bc1ef0 49 API calls 16230->16231 16232 7ff6b3bc4080 16231->16232 16232->15474 16232->16232 16234 7ff6b3bd0844 16233->16234 16246 7ff6b3bd05a4 16234->16246 16236 7ff6b3bd085d 16236->16204 16258 7ff6b3bd04fc 16237->16258 16241 7ff6b3bc1c32 16240->16241 16242 7ff6b3bd0259 16240->16242 16241->16225 16241->16226 16243 7ff6b3bd54c4 _findclose 11 API calls 16242->16243 16247 7ff6b3bd060e 16246->16247 16248 7ff6b3bd05ce 16246->16248 16247->16248 16250 7ff6b3bd061a 16247->16250 16249 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16248->16249 16251 7ff6b3bd05f5 16249->16251 16257 7ff6b3bd536c EnterCriticalSection 16250->16257 16251->16236 16259 7ff6b3bd0526 16258->16259 16270 7ff6b3bc1b59 16258->16270 16260 7ff6b3bd0572 16259->16260 16261 7ff6b3bd0535 __scrt_get_show_window_mode 16259->16261 16259->16270 16271 7ff6b3bd536c EnterCriticalSection 16260->16271 16264 7ff6b3bd54c4 _findclose 11 API calls 16261->16264 16266 7ff6b3bd054a 16264->16266 16268 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16266->16268 16268->16270 16270->16210 16270->16211 16273 7ff6b3bc7966 16272->16273 16274 7ff6b3bc79dd GetTempPathW 16273->16274 16275 7ff6b3bc798a 16273->16275 16276 7ff6b3bc79f2 16274->16276 16277 
7ff6b3bc7b60 61 API calls 16275->16277 16311 7ff6b3bc2830 16276->16311 16278 7ff6b3bc7996 16277->16278 16335 7ff6b3bc7420 16278->16335 16284 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16286 7ff6b3bc154f 16284->16286 16285 7ff6b3bc79bc __vcrt_freefls 16285->16274 16290 7ff6b3bc79ca 16285->16290 16286->15481 16286->15485 16288 7ff6b3bc7a0b __vcrt_freefls 16289 7ff6b3bc7ab6 16288->16289 16294 7ff6b3bc7a41 16288->16294 16315 7ff6b3bd8aa4 16288->16315 16318 7ff6b3bc8950 16288->16318 16292 7ff6b3bc8bf0 59 API calls 16289->16292 16291 7ff6b3bc2b30 59 API calls 16290->16291 16296 7ff6b3bc7ac7 __vcrt_freefls 16292->16296 16295 7ff6b3bc8ae0 57 API calls 16294->16295 16310 7ff6b3bc7a7a __vcrt_freefls 16294->16310 16297 7ff6b3bc7a57 16295->16297 16298 7ff6b3bc8ae0 57 API calls 16296->16298 16296->16310 16299 7ff6b3bc7a99 SetEnvironmentVariableW 16297->16299 16300 7ff6b3bc7a5c 16297->16300 16301 7ff6b3bc7ae5 16298->16301 16299->16310 16302 7ff6b3bc8ae0 57 API calls 16300->16302 16303 7ff6b3bc7b1d SetEnvironmentVariableW 16301->16303 16304 7ff6b3bc7aea 16301->16304 16305 7ff6b3bc7a6c 16302->16305 16303->16310 16306 7ff6b3bc8ae0 57 API calls 16304->16306 16307 7ff6b3bd7dec 38 API calls 16305->16307 16308 7ff6b3bc7afa 16306->16308 16307->16310 16309 7ff6b3bd7dec 38 API calls 16308->16309 16309->16310 16310->16284 16312 7ff6b3bc2855 16311->16312 16369 7ff6b3bd4d18 16312->16369 16563 7ff6b3bd86d0 16315->16563 16319 7ff6b3bcbc60 16318->16319 16320 7ff6b3bc8960 GetCurrentProcess OpenProcessToken 16319->16320 16321 7ff6b3bc89ab GetTokenInformation 16320->16321 16324 7ff6b3bc8a21 __vcrt_freefls 16320->16324 16322 7ff6b3bc89cd GetLastError 16321->16322 16323 7ff6b3bc89d8 16321->16323 16322->16323 16322->16324 16323->16324 16327 7ff6b3bc89ee GetTokenInformation 16323->16327 16325 7ff6b3bc8a34 CloseHandle 16324->16325 16326 7ff6b3bc8a3a 16324->16326 16325->16326 16694 7ff6b3bc8650 16326->16694 16327->16324 16329 7ff6b3bc8a14 ConvertSidToStringSidW 16327->16329 16329->16324 16336 
7ff6b3bc742c 16335->16336 16337 7ff6b3bc8ae0 57 API calls 16336->16337 16338 7ff6b3bc744e 16337->16338 16339 7ff6b3bc7469 ExpandEnvironmentStringsW 16338->16339 16340 7ff6b3bc7456 16338->16340 16342 7ff6b3bc748f __vcrt_freefls 16339->16342 16341 7ff6b3bc2b30 59 API calls 16340->16341 16343 7ff6b3bc7462 16341->16343 16344 7ff6b3bc7493 16342->16344 16345 7ff6b3bc74a6 16342->16345 16346 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16343->16346 16347 7ff6b3bc2b30 59 API calls 16344->16347 16349 7ff6b3bc74c0 16345->16349 16350 7ff6b3bc74b4 16345->16350 16348 7ff6b3bc7588 16346->16348 16347->16343 16348->16310 16359 7ff6b3bd7dec 16348->16359 16705 7ff6b3bd6328 16349->16705 16698 7ff6b3bd79a4 16350->16698 16353 7ff6b3bc74be 16354 7ff6b3bc74da 16353->16354 16357 7ff6b3bc74ed __scrt_get_show_window_mode 16353->16357 16355 7ff6b3bc2b30 59 API calls 16354->16355 16355->16343 16356 7ff6b3bc7562 CreateDirectoryW 16356->16343 16357->16356 16358 7ff6b3bc753c CreateDirectoryW 16357->16358 16358->16357 16360 7ff6b3bd7e0c 16359->16360 16361 7ff6b3bd7df9 16359->16361 16806 7ff6b3bd7a70 16360->16806 16362 7ff6b3bd54c4 _findclose 11 API calls 16361->16362 16364 7ff6b3bd7dfe 16362->16364 16366 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16364->16366 16368 7ff6b3bd7e0a 16366->16368 16368->16285 16373 7ff6b3bd4d72 16369->16373 16370 7ff6b3bd4d97 16371 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16370->16371 16375 7ff6b3bd4dc1 16371->16375 16372 7ff6b3bd4dd3 16387 7ff6b3bd30d0 16372->16387 16373->16370 16373->16372 16377 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16375->16377 16376 7ff6b3bd4eb4 16378 7ff6b3bdaf0c __free_lconv_num 11 API calls 16376->16378 16380 7ff6b3bc2874 16377->16380 16378->16375 16380->16288 16381 7ff6b3bd4eda 16381->16376 16383 7ff6b3bd4ee4 16381->16383 16382 7ff6b3bd4e89 16384 7ff6b3bdaf0c __free_lconv_num 11 API calls 16382->16384 16386 7ff6b3bdaf0c __free_lconv_num 11 API calls 16383->16386 16384->16375 16385 7ff6b3bd4e80 16385->16376 16385->16382 
16386->16375 16388 7ff6b3bd310e 16387->16388 16389 7ff6b3bd30fe 16387->16389 16390 7ff6b3bd3117 16388->16390 16395 7ff6b3bd3145 16388->16395 16391 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16389->16391 16392 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16390->16392 16393 7ff6b3bd313d 16391->16393 16392->16393 16393->16376 16393->16381 16393->16382 16393->16385 16395->16389 16395->16393 16398 7ff6b3bd3ae4 16395->16398 16431 7ff6b3bd3530 16395->16431 16468 7ff6b3bd2cc0 16395->16468 16399 7ff6b3bd3b26 16398->16399 16400 7ff6b3bd3b97 16398->16400 16401 7ff6b3bd3bc1 16399->16401 16402 7ff6b3bd3b2c 16399->16402 16403 7ff6b3bd3bf0 16400->16403 16404 7ff6b3bd3b9c 16400->16404 16487 7ff6b3bd1e94 16401->16487 16405 7ff6b3bd3b60 16402->16405 16406 7ff6b3bd3b31 16402->16406 16410 7ff6b3bd3c07 16403->16410 16413 7ff6b3bd3bfa 16403->16413 16414 7ff6b3bd3bff 16403->16414 16407 7ff6b3bd3b9e 16404->16407 16408 7ff6b3bd3bd1 16404->16408 16411 7ff6b3bd3b37 16405->16411 16405->16414 16406->16410 16406->16411 16412 7ff6b3bd3b40 16407->16412 16420 7ff6b3bd3bad 16407->16420 16494 7ff6b3bd1a84 16408->16494 16501 7ff6b3bd47ec 16410->16501 16411->16412 16418 7ff6b3bd3b72 16411->16418 16426 7ff6b3bd3b5b 16411->16426 16429 7ff6b3bd3c30 16412->16429 16471 7ff6b3bd4298 16412->16471 16413->16401 16413->16414 16414->16429 16505 7ff6b3bd22a4 16414->16505 16418->16429 16481 7ff6b3bd45d4 16418->16481 16420->16401 16421 7ff6b3bd3bb2 16420->16421 16424 7ff6b3bd4698 37 API calls 16421->16424 16421->16429 16423 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16425 7ff6b3bd3f2a 16423->16425 16424->16426 16425->16395 16427 7ff6b3bd4900 45 API calls 16426->16427 16426->16429 16430 7ff6b3bd3e1c 16426->16430 16427->16430 16429->16423 16430->16429 16512 7ff6b3bdefc8 16430->16512 16432 7ff6b3bd3554 16431->16432 16433 7ff6b3bd353e 16431->16433 16436 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16432->16436 16437 7ff6b3bd3594 16432->16437 16434 7ff6b3bd3b26 16433->16434 16435 7ff6b3bd3b97 
16433->16435 16433->16437 16438 7ff6b3bd3bc1 16434->16438 16439 7ff6b3bd3b2c 16434->16439 16440 7ff6b3bd3bf0 16435->16440 16441 7ff6b3bd3b9c 16435->16441 16436->16437 16437->16395 16446 7ff6b3bd1e94 38 API calls 16438->16446 16442 7ff6b3bd3b60 16439->16442 16443 7ff6b3bd3b31 16439->16443 16447 7ff6b3bd3c07 16440->16447 16450 7ff6b3bd3bfa 16440->16450 16453 7ff6b3bd3bff 16440->16453 16444 7ff6b3bd3b9e 16441->16444 16445 7ff6b3bd3bd1 16441->16445 16448 7ff6b3bd3b37 16442->16448 16442->16453 16443->16447 16443->16448 16449 7ff6b3bd3b40 16444->16449 16457 7ff6b3bd3bad 16444->16457 16451 7ff6b3bd1a84 38 API calls 16445->16451 16463 7ff6b3bd3b5b 16446->16463 16454 7ff6b3bd47ec 45 API calls 16447->16454 16448->16449 16455 7ff6b3bd3b72 16448->16455 16448->16463 16452 7ff6b3bd4298 47 API calls 16449->16452 16466 7ff6b3bd3c30 16449->16466 16450->16438 16450->16453 16451->16463 16452->16463 16456 7ff6b3bd22a4 38 API calls 16453->16456 16453->16466 16454->16463 16459 7ff6b3bd45d4 46 API calls 16455->16459 16455->16466 16456->16463 16457->16438 16458 7ff6b3bd3bb2 16457->16458 16461 7ff6b3bd4698 37 API calls 16458->16461 16458->16466 16459->16463 16460 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16462 7ff6b3bd3f2a 16460->16462 16461->16463 16462->16395 16464 7ff6b3bd4900 45 API calls 16463->16464 16463->16466 16467 7ff6b3bd3e1c 16463->16467 16464->16467 16465 7ff6b3bdefc8 46 API calls 16465->16467 16466->16460 16467->16465 16467->16466 16546 7ff6b3bd1108 16468->16546 16472 7ff6b3bd42be 16471->16472 16473 7ff6b3bd0cc0 12 API calls 16472->16473 16474 7ff6b3bd430e 16473->16474 16475 7ff6b3bdeb30 46 API calls 16474->16475 16477 7ff6b3bd43e1 16475->16477 16482 7ff6b3bd4609 16481->16482 16483 7ff6b3bd4627 16482->16483 16484 7ff6b3bd4900 45 API calls 16482->16484 16486 7ff6b3bd464e 16482->16486 16485 7ff6b3bdefc8 46 API calls 16483->16485 16484->16483 16485->16486 16486->16426 16488 7ff6b3bd1ec7 16487->16488 16489 7ff6b3bd1ef6 16488->16489 16491 7ff6b3bd1fb3 16488->16491 16493 
7ff6b3bd1f33 16489->16493 16524 7ff6b3bd0d68 16489->16524 16492 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16491->16492 16492->16493 16493->16426 16495 7ff6b3bd1ab7 16494->16495 16496 7ff6b3bd1ae6 16495->16496 16498 7ff6b3bd1ba3 16495->16498 16497 7ff6b3bd0d68 12 API calls 16496->16497 16500 7ff6b3bd1b23 16496->16500 16497->16500 16499 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16498->16499 16499->16500 16500->16426 16502 7ff6b3bd482f 16501->16502 16504 7ff6b3bd4833 __crtLCMapStringW 16502->16504 16532 7ff6b3bd4888 16502->16532 16504->16426 16506 7ff6b3bd22d7 16505->16506 16507 7ff6b3bd2306 16506->16507 16509 7ff6b3bd23c3 16506->16509 16508 7ff6b3bd0d68 12 API calls 16507->16508 16511 7ff6b3bd2343 16507->16511 16508->16511 16510 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16509->16510 16510->16511 16511->16426 16513 7ff6b3bdeff9 16512->16513 16514 7ff6b3bdf007 16512->16514 16513->16514 16515 7ff6b3bdf027 16513->16515 16516 7ff6b3bd4900 45 API calls 16513->16516 16514->16430 16517 7ff6b3bdf05f 16515->16517 16518 7ff6b3bdf038 16515->16518 16516->16515 16517->16514 16525 7ff6b3bd0d9f 16524->16525 16531 7ff6b3bd0d8e 16524->16531 16526 7ff6b3bddbbc _fread_nolock 12 API calls 16525->16526 16525->16531 16527 7ff6b3bd0dd0 16526->16527 16528 7ff6b3bd0de4 16527->16528 16529 7ff6b3bdaf0c __free_lconv_num 11 API calls 16527->16529 16529->16528 16531->16493 16533 7ff6b3bd48ae 16532->16533 16534 7ff6b3bd48a6 16532->16534 16533->16504 16535 7ff6b3bd4900 45 API calls 16534->16535 16535->16533 16547 7ff6b3bd114f 16546->16547 16548 7ff6b3bd113d 16546->16548 16551 7ff6b3bd115d 16547->16551 16554 7ff6b3bd1199 16547->16554 16549 7ff6b3bd54c4 _findclose 11 API calls 16548->16549 16550 7ff6b3bd1142 16549->16550 16552 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16550->16552 16553 7ff6b3bdadd8 _invalid_parameter_noinfo 37 API calls 16551->16553 16562 7ff6b3bd114d 16552->16562 16553->16562 16555 7ff6b3bd1515 16554->16555 16557 7ff6b3bd54c4 _findclose 11 API 
calls 16554->16557 16556 7ff6b3bd54c4 _findclose 11 API calls 16555->16556 16555->16562 16558 7ff6b3bd17a9 16556->16558 16559 7ff6b3bd150a 16557->16559 16560 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16558->16560 16561 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16559->16561 16560->16562 16561->16555 16562->16395 16604 7ff6b3be1bc8 16563->16604 16663 7ff6b3be1940 16604->16663 16684 7ff6b3be0cb8 EnterCriticalSection 16663->16684 16695 7ff6b3bc8675 16694->16695 16696 7ff6b3bd4d18 48 API calls 16695->16696 16697 7ff6b3bc8698 LocalFree ConvertStringSecurityDescriptorToSecurityDescriptorW 16696->16697 16699 7ff6b3bd79c2 16698->16699 16702 7ff6b3bd79f5 16698->16702 16699->16702 16717 7ff6b3be0e54 16699->16717 16702->16353 16703 7ff6b3bdaec4 _wfindfirst32i64 17 API calls 16704 7ff6b3bd7a25 16703->16704 16706 7ff6b3bd63b2 16705->16706 16707 7ff6b3bd6344 16705->16707 16751 7ff6b3be04a0 16706->16751 16707->16706 16709 7ff6b3bd6349 16707->16709 16710 7ff6b3bd637e 16709->16710 16711 7ff6b3bd6361 16709->16711 16734 7ff6b3bd616c GetFullPathNameW 16710->16734 16726 7ff6b3bd60f8 GetFullPathNameW 16711->16726 16716 7ff6b3bd6376 __vcrt_freefls 16716->16353 16718 7ff6b3be0e6b 16717->16718 16719 7ff6b3be0e61 16717->16719 16720 7ff6b3bd54c4 _findclose 11 API calls 16718->16720 16719->16718 16724 7ff6b3be0e87 16719->16724 16721 7ff6b3be0e73 16720->16721 16722 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16721->16722 16723 7ff6b3bd79f1 16722->16723 16723->16702 16723->16703 16724->16723 16725 7ff6b3bd54c4 _findclose 11 API calls 16724->16725 16725->16721 16727 7ff6b3bd6134 16726->16727 16728 7ff6b3bd611e GetLastError 16726->16728 16732 7ff6b3bd54c4 _findclose 11 API calls 16727->16732 16733 7ff6b3bd6130 16727->16733 16729 7ff6b3bd5438 _fread_nolock 11 API calls 16728->16729 16730 7ff6b3bd612b 16729->16730 16731 7ff6b3bd54c4 _findclose 11 API calls 16730->16731 16731->16733 16732->16733 16733->16716 16735 7ff6b3bd619f GetLastError 16734->16735 16740 7ff6b3bd61b5 
__vcrt_freefls 16734->16740 16736 7ff6b3bd5438 _fread_nolock 11 API calls 16735->16736 16737 7ff6b3bd61ac 16736->16737 16739 7ff6b3bd54c4 _findclose 11 API calls 16737->16739 16738 7ff6b3bd61b1 16742 7ff6b3bd6244 16738->16742 16739->16738 16740->16738 16741 7ff6b3bd620f GetFullPathNameW 16740->16741 16741->16735 16741->16738 16743 7ff6b3bd62b8 memcpy_s 16742->16743 16744 7ff6b3bd626d __scrt_get_show_window_mode 16742->16744 16743->16716 16744->16743 16745 7ff6b3bd62a1 16744->16745 16747 7ff6b3bd62da 16744->16747 16747->16743 16754 7ff6b3be02b0 16751->16754 16755 7ff6b3be02f2 16754->16755 16756 7ff6b3be02db 16754->16756 16757 7ff6b3be0317 16755->16757 16758 7ff6b3be02f6 16755->16758 16759 7ff6b3bd54c4 _findclose 11 API calls 16756->16759 16792 7ff6b3bdf918 16757->16792 16780 7ff6b3be041c 16758->16780 16760 7ff6b3be02e0 16759->16760 16765 7ff6b3bdaea4 _invalid_parameter_noinfo 37 API calls 16760->16765 16778 7ff6b3be02eb __vcrt_freefls 16765->16778 16771 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16774 7ff6b3be0411 16771->16774 16774->16716 16778->16771 16781 7ff6b3be0466 16780->16781 16782 7ff6b3be0436 16780->16782 16783 7ff6b3be0471 GetDriveTypeW 16781->16783 16784 7ff6b3be0451 16781->16784 16785 7ff6b3bd54a4 _fread_nolock 11 API calls 16782->16785 16783->16784 16787 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16784->16787 16786 7ff6b3be043b 16785->16786 16793 7ff6b3bcd0e0 __scrt_get_show_window_mode 16792->16793 16794 7ff6b3bdf94e GetCurrentDirectoryW 16793->16794 16795 7ff6b3bdf965 16794->16795 16796 7ff6b3bdf98c 16794->16796 16813 7ff6b3be0cb8 EnterCriticalSection 16806->16813 16815 7ff6b3bc173e 16814->16815 16816 7ff6b3bc1726 16814->16816 16818 7ff6b3bc1744 16815->16818 16819 7ff6b3bc1768 16815->16819 16817 7ff6b3bc2b30 59 API calls 16816->16817 16820 7ff6b3bc1732 16817->16820 16944 7ff6b3bc12b0 16818->16944 16907 7ff6b3bc7c10 16819->16907 16820->15509 16825 7ff6b3bc175f 16825->15509 16826 7ff6b3bc17b9 16829 7ff6b3bc3fd0 116 API calls 16826->16829 16827 
7ff6b3bc178d 16828 7ff6b3bc2890 59 API calls 16827->16828 16831 7ff6b3bc17a3 16828->16831 16832 7ff6b3bc17ce 16829->16832 16830 7ff6b3bc2b30 59 API calls 16830->16825 16831->15509 16833 7ff6b3bc17ee 16832->16833 16834 7ff6b3bc17d6 16832->16834 16836 7ff6b3bd0814 73 API calls 16833->16836 16835 7ff6b3bc2b30 59 API calls 16834->16835 16837 7ff6b3bc17e5 16835->16837 16838 7ff6b3bc17ff 16836->16838 16857 7ff6b3bc2d86 16856->16857 16858 7ff6b3bc1ef0 49 API calls 16857->16858 16860 7ff6b3bc2db9 16858->16860 16859 7ff6b3bc30ea 16860->16859 16861 7ff6b3bc3e40 49 API calls 16860->16861 16862 7ff6b3bc2e27 16861->16862 16863 7ff6b3bc3e40 49 API calls 16862->16863 16864 7ff6b3bc2e38 16863->16864 16865 7ff6b3bc2e95 16864->16865 16866 7ff6b3bc2e59 16864->16866 16868 7ff6b3bc31b0 75 API calls 16865->16868 17079 7ff6b3bc31b0 16866->17079 16869 7ff6b3bc2e93 16868->16869 16870 7ff6b3bc2ed4 16869->16870 16871 7ff6b3bc2f16 16869->16871 17087 7ff6b3bc75a0 16870->17087 16873 7ff6b3bc31b0 75 API calls 16871->16873 16875 7ff6b3bc2f40 16873->16875 16878 7ff6b3bc31b0 75 API calls 16875->16878 16885 7ff6b3bc2fdc 16875->16885 16880 7ff6b3bc2f72 16878->16880 16880->16885 16881 7ff6b3bc1eb0 59 API calls 16885->16881 16891 7ff6b3bc30ef 16885->16891 16908 7ff6b3bc7c20 16907->16908 16909 7ff6b3bc1ef0 49 API calls 16908->16909 16910 7ff6b3bc7c61 16909->16910 16911 7ff6b3bc7ce1 16910->16911 16987 7ff6b3bc3f60 16910->16987 16913 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16911->16913 16915 7ff6b3bc1785 16913->16915 16915->16826 16915->16827 16916 7ff6b3bc7d1b 16993 7ff6b3bc77c0 16916->16993 16918 7ff6b3bc7b60 61 API calls 16923 7ff6b3bc7c92 __vcrt_freefls 16918->16923 16920 7ff6b3bc7cd0 17007 7ff6b3bc2c50 16920->17007 16921 7ff6b3bc7d04 16922 7ff6b3bc2c50 59 API calls 16921->16922 16922->16916 16923->16920 16923->16921 16945 7ff6b3bc12c2 16944->16945 16946 7ff6b3bc3fd0 116 API calls 16945->16946 16947 7ff6b3bc12f2 16946->16947 16948 7ff6b3bc1311 16947->16948 16949 7ff6b3bc12fa 16947->16949 16951 
7ff6b3bd0814 73 API calls 16948->16951 16950 7ff6b3bc2b30 59 API calls 16949->16950 16956 7ff6b3bc130a __vcrt_freefls 16950->16956 16952 7ff6b3bc1323 16951->16952 16953 7ff6b3bc1327 16952->16953 16954 7ff6b3bc134d 16952->16954 16955 7ff6b3bc2890 59 API calls 16953->16955 16958 7ff6b3bc1390 16954->16958 16959 7ff6b3bc1368 16954->16959 16957 7ff6b3bc133e 16955->16957 16960 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16956->16960 16961 7ff6b3bd018c 74 API calls 16957->16961 16963 7ff6b3bc13aa 16958->16963 16975 7ff6b3bc1463 16958->16975 16962 7ff6b3bc2890 59 API calls 16959->16962 16964 7ff6b3bc1454 16960->16964 16961->16956 16966 7ff6b3bc1383 16962->16966 16967 7ff6b3bc1050 98 API calls 16963->16967 16964->16825 16964->16830 16965 7ff6b3bc13c3 16970 7ff6b3bd018c 74 API calls 16965->16970 16968 7ff6b3bd018c 74 API calls 16966->16968 16969 7ff6b3bc13bb 16967->16969 16968->16956 16969->16965 16972 7ff6b3bc14d2 __vcrt_freefls 16969->16972 16973 7ff6b3bc13cf 16970->16973 16971 7ff6b3bd04dc _fread_nolock 53 API calls 16971->16975 16975->16965 16975->16971 16977 7ff6b3bc14bb 16975->16977 16978 7ff6b3bc2890 59 API calls 16977->16978 16978->16972 16988 7ff6b3bc3f6a 16987->16988 16989 7ff6b3bc8ae0 57 API calls 16988->16989 16990 7ff6b3bc3f92 16989->16990 16991 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 16990->16991 16992 7ff6b3bc3fba 16991->16992 16992->16916 16992->16918 16992->16923 16994 7ff6b3bc77d0 16993->16994 17080 7ff6b3bc31e4 17079->17080 17081 7ff6b3bd4ac4 49 API calls 17080->17081 17082 7ff6b3bc320a 17081->17082 17083 7ff6b3bc321b 17082->17083 17139 7ff6b3bd5dec 17082->17139 17085 7ff6b3bcbcc0 _wfindfirst32i64 8 API calls 17083->17085 17086 7ff6b3bc3239 17085->17086 17086->16869 17088 7ff6b3bc75ae 17087->17088 17089 7ff6b3bc3fd0 116 API calls 17088->17089 17090 7ff6b3bc75dd 17089->17090 17091 7ff6b3bc1ef0 49 API calls 17090->17091 17140 7ff6b3bd5e15 17139->17140 17141 7ff6b3bd5e09 17139->17141 17181 7ff6b3bd4f98 17140->17181 17156 7ff6b3bd5700 17141->17156 17157 

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6B3BE63B5
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BE5D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B3BE5D1C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BDAF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF6B3BE3392,?,?,?,00007FF6B3BE33CF,?,?,00000000,00007FF6B3BE3895,?,?,00000000,00007FF6B3BE37C7), ref: 00007FF6B3BDAF22
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BDAF0C: GetLastError.KERNEL32(?,?,?,00007FF6B3BE3392,?,?,?,00007FF6B3BE33CF,?,?,00000000,00007FF6B3BE3895,?,?,00000000,00007FF6B3BE37C7), ref: 00007FF6B3BDAF2C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BDAEC4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6B3BDAEA3,?,?,?,?,?,00007FF6B3BD30CC), ref: 00007FF6B3BDAECD
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BDAEC4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6B3BDAEA3,?,?,?,?,?,00007FF6B3BD30CC), ref: 00007FF6B3BDAEF2
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6B3BE63A4
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BE5D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B3BE5D7C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6B3BE661A
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6B3BE662B
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6B3BE663C
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6B3BE687C), ref: 00007FF6B3BE6663
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                          • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                          • Opcode ID: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
                                                                                                                                                                                                                                          • Instruction ID: b2ee2a77ba503baa74b75087926ca0d4ee577c38abbb3eec57baec0348989cd2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3D1F466B2836246E720DF2DD8526B963A1EF65784F40853AEB8DE368DDF3CE441C340

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                                                                                                          • Opcode ID: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                          • Instruction ID: 1ed3125690741f03226552a07f875754a2f38c5f14ea6cdf253e27a5a7bd75bb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77C1B437B28B5285EB50CF6DC4525AC3771EB9AB98B010625DFAEA7399CF38D056C340

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF6B3BC154F), ref: 00007FF6B3BC79E7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC7B60: GetEnvironmentVariableW.KERNEL32(00007FF6B3BC3A1F), ref: 00007FF6B3BC7B9A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC7B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6B3BC7BB7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BD7DEC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B3BD7E05
                                                                                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32 ref: 00007FF6B3BC7AA1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC2B30: MessageBoxW.USER32 ref: 00007FF6B3BC2C05
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                          • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                                          • Opcode ID: d0ee005bfdeb011a84540aff6346199bb1fc02b76f4ac94b865217064e0c6b04
                                                                                                                                                                                                                                          • Instruction ID: e4392caa8fd112085754665aced4fb37fab7c4e8a4294bbd3cb3d7be6f7356c4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0ee005bfdeb011a84540aff6346199bb1fc02b76f4ac94b865217064e0c6b04
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0051C715B5D65355FE28A72E58132BA52515FABBC0F844431EF8EEB7AFEE3CE4018600

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6B3BE661A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BE5D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B3BE5D7C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6B3BE662B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BE5D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B3BE5D1C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF6B3BE663C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BE5D38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B3BE5D4C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BDAF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF6B3BE3392,?,?,?,00007FF6B3BE33CF,?,?,00000000,00007FF6B3BE3895,?,?,00000000,00007FF6B3BE37C7), ref: 00007FF6B3BDAF22
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BDAF0C: GetLastError.KERNEL32(?,?,?,00007FF6B3BE3392,?,?,?,00007FF6B3BE33CF,?,?,00000000,00007FF6B3BE3895,?,?,00000000,00007FF6B3BE37C7), ref: 00007FF6B3BDAF2C
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6B3BE687C), ref: 00007FF6B3BE6663
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                          • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                          • Opcode ID: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                          • Instruction ID: 71e2ff1ced31d5b60342bb4a0704da24ca505d32f09841d8a82f60244945606e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE51B336B2875286E710DF2DD8925A96360BF69784F40553AEB8DE369ADF3CE4408740
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1010374628-0
                                                                                                                                                                                                                                          • Opcode ID: 08e5aa8e339564cd7a7b65546afe2f45283a9087c0a557908bbbf8b75e3d7d61
                                                                                                                                                                                                                                          • Instruction ID: 0145bd612a8447c210c3cb6ee26921303140a64ea7e13a1fe1e927b5672c0865
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08e5aa8e339564cd7a7b65546afe2f45283a9087c0a557908bbbf8b75e3d7d61
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1002B361B2D76340FA50AB2ED4172792790AF62B90F554A75DFEDE63DADE3CE4018300

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                          • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
                                                                                                                                                                                                                                          • API String ID: 2030045667-3833288071
                                                                                                                                                                                                                                          • Opcode ID: 87343fe10619d9e83b33ad50ad85e1553a80dad7a26c37df04226b889a4fe075
                                                                                                                                                                                                                                          • Instruction ID: ca2dd35227243b240ec5785a8e71e114b4298579f7851d8d075bb5f551b1c885
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87343fe10619d9e83b33ad50ad85e1553a80dad7a26c37df04226b889a4fe075
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF51BF61F1C64286EA20DB1DE8522B96390BF66794F844531EF8DBB79EDF3CE2458700

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(0000000100000001,00007FF6B3BC414C,00007FF6B3BC7911,?,00007FF6B3BC7D26,?,00007FF6B3BC1785), ref: 00007FF6B3BC8990
                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(?,00007FF6B3BC7D26,?,00007FF6B3BC1785), ref: 00007FF6B3BC89A1
                                                                                                                                                                                                                                          • GetTokenInformation.KERNELBASE(?,00007FF6B3BC7D26,?,00007FF6B3BC1785), ref: 00007FF6B3BC89C3
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF6B3BC7D26,?,00007FF6B3BC1785), ref: 00007FF6B3BC89CD
                                                                                                                                                                                                                                          • GetTokenInformation.KERNELBASE(?,00007FF6B3BC7D26,?,00007FF6B3BC1785), ref: 00007FF6B3BC8A0A
                                                                                                                                                                                                                                          • ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6B3BC8A1C
                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,00007FF6B3BC7D26,?,00007FF6B3BC1785), ref: 00007FF6B3BC8A34
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF6B3BC7D26,?,00007FF6B3BC1785), ref: 00007FF6B3BC8A66
                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF6B3BC8A8D
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00007FF6B3BC7D26,?,00007FF6B3BC1785), ref: 00007FF6B3BC8A9E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                                          • API String ID: 4998090-2855260032
                                                                                                                                                                                                                                          • Opcode ID: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                                                                                                                          • Instruction ID: d6494331bf720074338b89bd8602114b30f21a605538241571900743aa1fcf6c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3741803172C78682EB20DF58E4466AA6361FB96790F441631EBDED769DDF3CE4448700

Memory Dump Source
• Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock$Message
                                                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 677216364-1384898525

                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                          • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                                          • API String ID: 2895956056-3524285272

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC3EC0: GetModuleFileNameW.KERNEL32(?,00007FF6B3BC39EA), ref: 00007FF6B3BC3EF1
                                                                                                                                                                                                                                          • SetDllDirectoryW.KERNEL32 ref: 00007FF6B3BC3BE9
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC7B60: GetEnvironmentVariableW.KERNEL32(00007FF6B3BC3A1F), ref: 00007FF6B3BC7B9A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC7B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6B3BC7BB7
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                                          • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                                          • API String ID: 2344891160-3602715111

                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                          • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                          • API String ID: 2030045667-1655038675

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                                                                                                                          • Instruction ID: 9ff5fc806899cf073d9c5ed93c827fea2965cb87b73914b1e4dcdbe29fae737e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBC1F122B4CB8781E6608B5D94422BD3B64EFE2B90F550131DBCEA779ACF7CE8458701

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6B3BDD50B), ref: 00007FF6B3BDD63C
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF6B3BDD50B), ref: 00007FF6B3BDD6C7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 953036326-0
                                                                                                                                                                                                                                          • Opcode ID: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
                                                                                                                                                                                                                                          • Instruction ID: b0f9346c91d3e8b7bc1a7f6c73f75ad49b4f5ce1684731eaa6c0726d7cad0e85
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c71bbc92960716eb9d411b0b48861d3e4dcea1db34bc3604978879cc3cc685b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5891C262F5865285F7609F6D94422BD2BA0AF66B88F14413DDFCEB7A99CF38D449C300

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4170891091-0
                                                                                                                                                                                                                                          • Opcode ID: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
                                                                                                                                                                                                                                          • Instruction ID: 2778a58a882714b5a25866f0c6bac43c1b16b7d8ea72bf493ab2336a35e16bdb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 576313037ba361094b23b779854add166a997b8059c5947e2a7d8f77b38f16ad
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7051E572F482168BFB24CF6CD9466BC27A1AB66359F500135DF5EA6AE9DF3CA401C700

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                                                                          • Opcode ID: 76a0635d5597b22ce5d2941ff6046abd28e8f163941117926f9164ef5776c06c
                                                                                                                                                                                                                                          • Instruction ID: 99113c243ac662ef7d27ddd3b308900dc7c94b0f2385c17881696d26325c3d52
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76a0635d5597b22ce5d2941ff6046abd28e8f163941117926f9164ef5776c06c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54518D22B086418AFB10CF79D4527BD27A1AF69B68F148536DF8EA768DDF3CD4818700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1452418845-0
                                                                                                                                                                                                                                          • Opcode ID: 416c85195b1c4a12d0bca0f9f3e62a22dfdeb9afd9333f8228f8268f9139cf84
                                                                                                                                                                                                                                          • Instruction ID: e7d4033e96f92f99f02f5b07860a2a0a97644d91f467d6f3e1491569591e9229
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 416c85195b1c4a12d0bca0f9f3e62a22dfdeb9afd9333f8228f8268f9139cf84
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9631F811F5C25341EA74AB6DA4633B923919FB3784F844435EB8EE72EFCE2CA4068601
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                                                          • Opcode ID: 4e99df99e7301f39d701a276f02ef329721f1d5d609599a82ba0c959db36bcb5
                                                                                                                                                                                                                                          • Instruction ID: 4d797a9e7696e4243b06b1b5ba685785f7a275d82ba4384a4aa53bd989039b6c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e99df99e7301f39d701a276f02ef329721f1d5d609599a82ba0c959db36bcb5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4041B122F1878283E7508B2595017796360FFA6764F209336EBDC93AD9DF7CA5E08700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 2f7bb398de8c4fd3266a2cb5114fed605c2779b223882c17691b198031e80610
                                                                                                                                                                                                                                          • Instruction ID: afd6503f6a3e90fcb0f18ff5f20c839df8bc559a50bacc2f7368ce888043f8e5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f7bb398de8c4fd3266a2cb5114fed605c2779b223882c17691b198031e80610
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4551E921B4A64986FE249E3E940267A6691BFA6BB4F144734DFECA77CDCE3CD4018600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                                                          • Opcode ID: b08d68fc7a6d73a6a6e4925e4a9dc39ae2e5fb86b78546c657aad159ae176ccc
                                                                                                                                                                                                                                          • Instruction ID: 06b5a8faacaf59749887162cfbc41b44a3b86c442014dbfc085437d951a08684
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b08d68fc7a6d73a6a6e4925e4a9dc39ae2e5fb86b78546c657aad159ae176ccc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C11C1A2718B9181EA108B29B405169A761ABA6BF4F540331EFFD977DDCF7CD0518740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BD5911), ref: 00007FF6B3BD5A2F
                                                                                                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BD5911), ref: 00007FF6B3BD5A45
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1707611234-0
                                                                                                                                                                                                                                          • Opcode ID: 01955a0fff7c8d04301666730a5fae84f6474b835d1eccbedadb07c42297a861
                                                                                                                                                                                                                                          • Instruction ID: 8ebbd80d21c59a11dc8882876d700d94f43ab1763bef7fa31779e3a64674a02a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01955a0fff7c8d04301666730a5fae84f6474b835d1eccbedadb07c42297a861
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0118F2271C65681EB648B18A44257EBBA0FB96761F501236EBDDD59DCEF3CD044CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF6B3BE3392,?,?,?,00007FF6B3BE33CF,?,?,00000000,00007FF6B3BE3895,?,?,00000000,00007FF6B3BE37C7), ref: 00007FF6B3BDAF22
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6B3BE3392,?,?,?,00007FF6B3BE33CF,?,?,00000000,00007FF6B3BE3895,?,?,00000000,00007FF6B3BE37C7), ref: 00007FF6B3BDAF2C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                           • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                                          • Opcode ID: bfb090b2684f97747e4e2589e7b79ee9627266c2664004addae3296ee4c2c8e2
                                                                                                                                                                                                                                          • Instruction ID: 90dd8552e213189d8dc427a40afe3391998c11c857ead97a4c1d1bc2b66813e6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfb090b2684f97747e4e2589e7b79ee9627266c2664004addae3296ee4c2c8e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88E08654F4D34342FF099BFE588703512545FA5702F4044B4CB8EE626ADF7C69854600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,?,?,00007FF6B3BDAF99,?,?,00000000,00007FF6B3BDB04E), ref: 00007FF6B3BDB18A
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6B3BDAF99,?,?,00000000,00007FF6B3BDB04E), ref: 00007FF6B3BDB194
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                                                          • Opcode ID: b40b4e21971f44bf7084fa7db8f9dedbad63d491ac625d0e9d3072d74158efd6
                                                                                                                                                                                                                                          • Instruction ID: 55d49f520fc75a22dbcd4f69855a2e4b7ff60e25f20867b737bb97cdcb074e69
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b40b4e21971f44bf7084fa7db8f9dedbad63d491ac625d0e9d3072d74158efd6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E21F321B6868241FE94D76CA45637913926FA67E0F084239DBEFE73CACE3CE4458301
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 6c27d5487ee8182774302d92aae2f9046d2b98e9277a8b83ca44002d61502fcf
                                                                                                                                                                                                                                          • Instruction ID: fad26f8cd119fb068a2e15561d7887276b2316f7ac006ad5f829214aa46f2858
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c27d5487ee8182774302d92aae2f9046d2b98e9277a8b83ca44002d61502fcf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E641B372B4824587EA24DB2DA54227977A0EFA7B55F100235E7CEE3699CF3CE402CB51
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                                                                          • Opcode ID: 769c694078216e3e967d8c6fbad097522bcbd76ef7f427309f5f9921e1c76582
                                                                                                                                                                                                                                          • Instruction ID: 6a21611caab2160d3b9e7b992aedda155bda25cd703b319111d5fbf6729d212c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 769c694078216e3e967d8c6fbad097522bcbd76ef7f427309f5f9921e1c76582
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B921B421B0825255FB249A1A65067BAA651BF96BD4FC86030FF8DDB78ACE3CF101C600
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: cf493e245973df117cfb9bdb4be30e1b7cc3e093745a0bb3aa436662ba277ffd
                                                                                                                                                                                                                                          • Instruction ID: 65a05d53bd2ab3b6845dc64d6e2d0ec7f0bdfcdc4430c0d72e6a25304e0c7681
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf493e245973df117cfb9bdb4be30e1b7cc3e093745a0bb3aa436662ba277ffd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B31E422F5865281F7409F9E984337C2650AFA2B66F410136EB9CAB3DACF7CE4418B11
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
                                                                                                                                                                                                                                          • Instruction ID: d375554964d15f2d7ce54f554c8414070ec58940ce404d4a2ab2df8549f23477
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c06f943cf2cfad6cae40bb945918742757c954c3eb67e691afc5a150f41a7f23
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9115E21F5C64281EA60DF59940327AA264BFE6B80F944435EBCDA7A9EDF7CE5408B01
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: c0ad99c40d53020ccb328d164a39266f2dfd48b33636b9c7a3122610519525da
                                                                                                                                                                                                                                          • Instruction ID: 8d53895ff80a1094f6f91f5b9fef7ac79b79d0d95a2e6fef887303e7042ee0d5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0ad99c40d53020ccb328d164a39266f2dfd48b33636b9c7a3122610519525da
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2821AF32B18B9186DB608F1CE44237973A0EBA5B54F144638EB9D967D9DF3CD801CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
                                                                                                                                                                                                                                          • Instruction ID: d1c3f2e8a088166f00e1baa9bf2f87f2c020a6b0d3c246f88fc2a038d05da3b8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4e6805aeaf9884a68cba76bd798531beecc2a98c7129b287afec428eebc8cdc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B01E161B4874641EA00DF5A990206DA691BFA6FE0F084231DFECA3BDECE3CD0018300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: af50f55acc611b54009b4ea4d598cf3424078558251c62237d26469a9987366e
                                                                                                                                                                                                                                          • Instruction ID: 0f6d48c7664635e10963ac1199de126516fe3e484321372dcd376d6f8de21c72
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: af50f55acc611b54009b4ea4d598cf3424078558251c62237d26469a9987366e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E018024F8D66341FAA06F6D65531B96390AF62790F140634EBBDF26DEDF3CA8418601
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: f6d2080b1b78402d7abe66b145058d3ba054e314cadcac67310d584db64078aa
                                                                                                                                                                                                                                          • Instruction ID: 230eb59b7e54cbfdb6d6ebb9995ec91a1d0812fcc66b7fde6154fb75d2608375
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6d2080b1b78402d7abe66b145058d3ba054e314cadcac67310d584db64078aa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FE0865CF8830A43FA107EA909831F411044F75301F000431DB98D62DBDE3C6C545621
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,00000000,00007FF6B3BDB9A6,?,?,?,00007FF6B3BDAB67,?,?,00000000,00007FF6B3BDAE02), ref: 00007FF6B3BDF1AD
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          • Opcode ID: 3903a8e07e771c3ce20f22a7cfda351bfc6825da59dd5d1b3ed6874a84ef80bd
                                                                                                                                                                                                                                          • Instruction ID: efa6a9f68e126030ce18c4641538139c137c48313ea7dd904e370e75cbcc5a87
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3903a8e07e771c3ce20f22a7cfda351bfc6825da59dd5d1b3ed6874a84ef80bd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10F04949B8D30681FE58966ED9133B943915FAAB80F484431CF8EEA3DADE7CE5848210
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF6B3BD0D24,?,?,?,00007FF6B3BD2236,?,?,?,?,?,00007FF6B3BD3829), ref: 00007FF6B3BDDBFA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          • Opcode ID: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                                                                                                                          • Instruction ID: 42bc42ddf53d432a608bb5357852f8f32ca9978c30a86a5b92ea9039ce96dcab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a58605cc4c1e1369a1067e1172dc77d995423b1642967883a658540b08b4ee9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93F08C00B8D38741FE5857AE980367512909FA67A4F0C0A38DFEEE62CADE7CF4848610
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                                                          • String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for 
Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                          • API String ID: 190572456-4266016200
                                                                                                                                                                                                                                          • Opcode ID: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                          • Instruction ID: 580c51766c7e2e32b110a2abf12570d43a1f1904ae72ca68ee5a4b6aaf0efd45
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf77275b4bf0387ff900e5ea28e17749df250fc4abdfb995cff073003fe970f9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7212BD68F1EB1390FA25CB0DA85257423A1AF67741B846876CADEE635CFF7CB548D200
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                                          • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                                          • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                                          • Opcode ID: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                          • Instruction ID: 75474164f23d2ef23726518e5bec03f3c868d509da82b6d31e2e8aa630b2b957
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b11bbb19a83a086465840dcd7a103c40d81e06c4cc6566eb68c4ee1e4e9da55
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DA19836718B9682E714CF29E44579AB370FB88B84F50452AEB9D53B28CF3DE164CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                          • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                          • Opcode ID: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                          • Instruction ID: 83e93a3d623f6564ea96d833cb5e0f144ba8d6eab892160d280df81d09f111b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 462ebf29a53f9f8e0898a565754c8078d18c0a01f6b8af8c35fed8b76f3e05ac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EAB2D572B283A28BE7648E6CD442BF937A1FB65744F405575DB4DA7A8CDF38E9008B40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00007FF6B3BC2A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BC101D), ref: 00007FF6B3BC8587
                                                                                                                                                                                                                                          • FormatMessageW.KERNEL32 ref: 00007FF6B3BC85B6
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32 ref: 00007FF6B3BC860C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC29E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6B3BC87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BC101D), ref: 00007FF6B3BC2A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC29E0: MessageBoxW.USER32 ref: 00007FF6B3BC2AF0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                          • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                                          • Opcode ID: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                          • Instruction ID: 1058caddebd9da2e2ce176986f5a7f66d971014b8afe39ee98ef49f4eaff9411
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02219071B1CB5285E720CB1CE84227A6261BFAA384F840139D7CDE26ACDF7CE145C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                                                          • Opcode ID: 2f0e84db8cb7341a902ef28a41a93ef6eb2637ed36960dc0fb1294147411c1b9
                                                                                                                                                                                                                                          • Instruction ID: 55d73ad34718096999484982144e38106714b8063317225c04e51feb7430d832
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f0e84db8cb7341a902ef28a41a93ef6eb2637ed36960dc0fb1294147411c1b9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF316B76718B818AEB60CF68E8513ED3360FBA5754F44443ADB8E97A99DF38D648C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy_s
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1502251526-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 15204871-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                                          • API String ID: 0-227171996
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: e+000$gfff
                                                                                                                                                                                                                                          • API String ID: 0-3030954782
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: gfffffff
                                                                                                                                                                                                                                          • API String ID: 0-1523873471
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: TMP
                                                                                                                                                                                                                                          • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 926518188b614a96dab23eca74cd6fab0ac352dd7b9dabb22d14e7e66e5c8c54
                                                                                                                                                                                                                                          • Instruction ID: c40cacf36ce582be8323676ac7920fc02399555b1f7799a30e9f19a1a2dd5ae9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 926518188b614a96dab23eca74cd6fab0ac352dd7b9dabb22d14e7e66e5c8c54
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AC105322142F48BD698EB29E45947A33E1F7EA309BD5403BEB878B785CA3DE414D750
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b67fe5c4df14f10fbabbc179396d5558260dc0a4d214c0f6109c6307dd6f74d9
                                                                                                                                                                                                                                          • Instruction ID: 980ae69f942db203b558a1fbcfa8ccaf8c7a0ed1703bee0e834e93144f21cec7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b67fe5c4df14f10fbabbc179396d5558260dc0a4d214c0f6109c6307dd6f74d9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85B16D76A4878586E7658F2DD49123C3BA0E76AF48F280175CBCEAB39ACF39D441D704
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 41de09fd609196546d8b05baa0994189bc53ea50dddfb86cdccda31fca7eba1c
                                                                                                                                                                                                                                          • Instruction ID: 0dd4ec2ef161dba76378d945805402951573af100ac5a87499e28728273ede65
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 41de09fd609196546d8b05baa0994189bc53ea50dddfb86cdccda31fca7eba1c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC81E272B4878186E774CB1D948237A7A91FB66794F144235DBCE97B9DDE3CE4408B00
Memory Dump Source
• Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
                                                                                                                                                                                                                                          • Instruction ID: e02f2e56c9f04d50a3e06340091bfe3da3ebe46736d0d2c66ff4595df7671569
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 51394bb55acd0354c6b54540f03649d9a1ed653df3d59b65c3bbefa0f3d6b76a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2517976B58A5186E7648F2DC04623937A0EB66B68F244131CFCDA7798DF3AE853C740
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
                                                                                                                                                                                                                                          • Instruction ID: 920b863ca5ca3492e6d49b410665134a55bbf3bff3d5cc1325d58ebf2be37faf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c25247ae15e209603ec1042d904b34171e82564d0ea1a98edeaeffe93ffac02
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52518836B5869195E7248B2DD04123C37A0EB66B68F645131CFCDAB798CF3AE953C740
Memory Dump Source
• Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d2b002bbc49f8edc76fb8066870c38d7afee558bd2249c300808c44e7bc92a50
                                                                                                                                                                                                                                          • Instruction ID: 8b891f0fbf884c876603cd9f8796513843233802bafd9c3ca46718e763007adb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2b002bbc49f8edc76fb8066870c38d7afee558bd2249c300808c44e7bc92a50
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A31C372719B4242E764DF2AA44217D66A5AFD6B90F144238EBDDA3BDEDF3CD0028704
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dada551c461b21fdad657b6bac4cbdfad31b05eb9b59333086b2e0a15b162055
                                                                                                                                                                                                                                          • Instruction ID: 0422be663127ce614aed92f2767073731193ccf36889a8c84a9eef074dbffd5c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dada551c461b21fdad657b6bac4cbdfad31b05eb9b59333086b2e0a15b162055
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77F04FB5B286958ADBA98F6DA81362977E0E748380B809579E689C3E14DB3C90608F04
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5749315d7b24dceccc8714b5042f108a7de79c1631c17c6a95dc8ed6b888950b
                                                                                                                                                                                                                                          • Instruction ID: 92f4ac7f7fa94e04c763449ed4342cb484e5f3ccd6d86b462d8026d07b79a2ae
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5749315d7b24dceccc8714b5042f108a7de79c1631c17c6a95dc8ed6b888950b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29A00265B2CD16D0E656CB1CE8560702330FB73310BA00472D28EE10A89F3CE543C301
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc
• String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                          • API String ID: 190572456-2208601799
                                                                                                                                                                                                                                          • Opcode ID: 7c721144a29f82c0df2178d2ac20e82e85a8926ad6b3cde14d1131664071774a
                                                                                                                                                                                                                                          • Instruction ID: 07678cca8d876a24bedaf732b52e653fa7bb936df034a40bfeb11421bc83b4b7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c721144a29f82c0df2178d2ac20e82e85a8926ad6b3cde14d1131664071774a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9E10D68B2DB1394FA55CB0CB84217467A5AF37745B842879CACDA636CEFBCF5488300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message_fread_nolock
                                                                                                                                                                                                                                          • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 3065259568-2316137593
                                                                                                                                                                                                                                          • Opcode ID: 177abdf14fc9c841984a4527118494491755f9154b3595ae679b628ca0bad231
                                                                                                                                                                                                                                          • Instruction ID: 1cc7470fb2d26ed65712fb562f62b3a5e235d2084e35cff724f828432d74c3a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 177abdf14fc9c841984a4527118494491755f9154b3595ae679b628ca0bad231
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B51A121B0868755EA30A71DA8526FA6394EF66784F804431EFCDF7B9DEE3CE5418700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                                                          • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                          • Opcode ID: 7645c0c2d2fce03d3aab2d1fd33ee4a3925b53edade4cf92fedf68089910dc30
                                                                                                                                                                                                                                          • Instruction ID: d2d7599be33691a641c65329a9e204df9d4eb95caca14e1886c166859a2b6230
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7645c0c2d2fce03d3aab2d1fd33ee4a3925b53edade4cf92fedf68089910dc30
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F651F9266187A187D634DF2AA0181BAB7A1F7A8B61F004121EBCF83744DF7CD045D710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                                                                                                          • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                          • Opcode ID: c6ac63e3974c66327622d921c1304357062fd3cb2bcbfe9c56688102bfb98152
                                                                                                                                                                                                                                          • Instruction ID: 03e7c18c2165e48fe39add740297fb8f4074fa637553db41f875e4a60eea9769
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6ac63e3974c66327622d921c1304357062fd3cb2bcbfe9c56688102bfb98152
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B129361F4C143A6FB249A1CE1567B976A1EBA2754FC44039E7C9A76CCDF3CE4808B14
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                                                                                                          • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                          • Opcode ID: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
                                                                                                                                                                                                                                          • Instruction ID: a9f87ada634970e7d26debf233cfefa7bd7e0f244b7ed7c8527f3e7587b52c19
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7160b50ef5c5d9843a5fd5f0d5cd643ebb1f382f7049b3f2f81a6a7c29ab944c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB12C472F4C14386FBA09A59D0067B97261FBA2754F848135E7DAA7ACCDF3DE4808B04
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                          • Opcode ID: 50ef22e55c6d384a611bdd27779cbc563cb6f2ecfb2fcee110ada23eaf159ce0
                                                                                                                                                                                                                                          • Instruction ID: 67b2291ec0a8bfc941f900d58583afd39c408e4d2cc0ffc953ea691e9f881f4b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50ef22e55c6d384a611bdd27779cbc563cb6f2ecfb2fcee110ada23eaf159ce0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A317E21B1C65286EE24EB5DA4425BA63A0EF267D4F884431DFCDB7A5DEE3CE5418700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                                                                          • Opcode ID: 2b2a4badfdaa60d9abfb93841dcb65d735c0fc58e4118d1b5c2a51383b6331b7
                                                                                                                                                                                                                                          • Instruction ID: b09e7ee24fe0d56d114fe1a0d7635194bbb6843982e9ab42a78f3661f1f5392e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b2a4badfdaa60d9abfb93841dcb65d735c0fc58e4118d1b5c2a51383b6331b7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34E16F72B08742C6EB309B6D94422AD77A0FB66799F500535EF8DA7B59CF38E590C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF6B3BDF56A,?,?,0000016EC013A9C8,00007FF6B3BDB317,?,?,?,00007FF6B3BDB20E,?,?,?,00007FF6B3BD6452), ref: 00007FF6B3BDF34C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF6B3BDF56A,?,?,0000016EC013A9C8,00007FF6B3BDB317,?,?,?,00007FF6B3BDB20E,?,?,?,00007FF6B3BD6452), ref: 00007FF6B3BDF358
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                          • Opcode ID: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
                                                                                                                                                                                                                                          • Instruction ID: a5a5ed8b324fa92c3b42f49c62acf3122328d08ff84be259bf9c19f8d11b0f71
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2429d82f74935346a71535361e23a0a0fd68cfa18870ede5d154c99e1daa8a5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E41F465B6DA0241FA16CB1E9C025752391BF66BA0F494535EF9DF778CDE3CE4498300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BC101D), ref: 00007FF6B3BC8747
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BC101D), ref: 00007FF6B3BC879E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                          • API String ID: 626452242-27947307
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00007FF6B3BC39EA), ref: 00007FF6B3BC8C31
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC29E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6B3BC87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BC101D), ref: 00007FF6B3BC2A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC29E0: MessageBoxW.USER32 ref: 00007FF6B3BC2AF0
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00007FF6B3BC39EA), ref: 00007FF6B3BC8CA5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                          • API String ID: 3723044601-27947307
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$_fread_nolock
                                                                                                                                                                                                                                          • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                                          • API String ID: 3231891352-3501660386
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC8AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6B3BC2ABB), ref: 00007FF6B3BC8B1A
                                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6B3BC79A1,00000000,?,00000000,00000000,?,00007FF6B3BC154F), ref: 00007FF6B3BC747F
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC2B30: MessageBoxW.USER32 ref: 00007FF6B3BC2C05
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6B3BC7493
                                                                                                                                                                                                                                          • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6B3BC7456
                                                                                                                                                                                                                                          • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6B3BC74DA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                          • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                          • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF6B3BCE06A,?,?,?,00007FF6B3BCDD5C,?,?,00000001,00007FF6B3BCD979), ref: 00007FF6B3BCDE3D
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6B3BCE06A,?,?,?,00007FF6B3BCDD5C,?,?,00000001,00007FF6B3BCD979), ref: 00007FF6B3BCDE4B
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF6B3BCE06A,?,?,?,00007FF6B3BCDD5C,?,?,00000001,00007FF6B3BCD979), ref: 00007FF6B3BCDE75
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF6B3BCE06A,?,?,?,00007FF6B3BCDD5C,?,?,00000001,00007FF6B3BCD979), ref: 00007FF6B3BCDEBB
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF6B3BCE06A,?,?,?,00007FF6B3BCDD5C,?,?,00000001,00007FF6B3BCD979), ref: 00007FF6B3BCDEC7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6B3BC2ABB), ref: 00007FF6B3BC8B1A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC29E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6B3BC87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BC101D), ref: 00007FF6B3BC2A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC29E0: MessageBoxW.USER32 ref: 00007FF6B3BC2AF0
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6B3BC2ABB), ref: 00007FF6B3BC8BA0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                          • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                          • API String ID: 3723044601-876015163
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                                                                                                          • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6B3BD54CD,?,?,?,?,00007FF6B3BDF1BF,?,?,00000000,00007FF6B3BDB9A6,?,?,?), ref: 00007FF6B3BDB897
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6B3BD54CD,?,?,?,?,00007FF6B3BDF1BF,?,?,00000000,00007FF6B3BDB9A6,?,?,?), ref: 00007FF6B3BDB8CD
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6B3BD54CD,?,?,?,?,00007FF6B3BDF1BF,?,?,00000000,00007FF6B3BDB9A6,?,?,?), ref: 00007FF6B3BDB8FA
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6B3BD54CD,?,?,?,?,00007FF6B3BDF1BF,?,?,00000000,00007FF6B3BDB9A6,?,?,?), ref: 00007FF6B3BDB90B
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6B3BD54CD,?,?,?,?,00007FF6B3BDF1BF,?,?,00000000,00007FF6B3BDB9A6,?,?,?), ref: 00007FF6B3BDB91C
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF6B3BD54CD,?,?,?,?,00007FF6B3BDF1BF,?,?,00000000,00007FF6B3BDB9A6,?,?,?), ref: 00007FF6B3BDB937
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm$f
                                                                                                                                                                                                                                          • API String ID: 2395640692-629598281
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                          • Opcode ID: ef2f79dabe8b940bf64869f24e404b0ac86445532df2e67e8084f44f9f65f5c2
                                                                                                                                                                                                                                          • Instruction ID: ca8cbbe6fce427982999f47c8f63f823c7df127c42dc7e7f7054fc137063b17e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef2f79dabe8b940bf64869f24e404b0ac86445532df2e67e8084f44f9f65f5c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34315E36B19A8285EB24DF29E8561F96360FF9A784F800135EB8D9BB59DF3CD105C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6B3BC87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BC101D), ref: 00007FF6B3BC2A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC8560: GetLastError.KERNEL32(00000000,00007FF6B3BC2A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BC101D), ref: 00007FF6B3BC8587
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC8560: FormatMessageW.KERNEL32 ref: 00007FF6B3BC85B6
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC8AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF6B3BC2ABB), ref: 00007FF6B3BC8B1A
                                                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF6B3BC2AF0
                                                                                                                                                                                                                                          • MessageBoxA.USER32 ref: 00007FF6B3BC2B0C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                                          • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                          • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                                          • Opcode ID: c01ac0bbfceecfac493be67ae1d6a2211250b6a817a0c50f994bc812b65e1c92
                                                                                                                                                                                                                                          • Instruction ID: cef35184f752329911f948e6c9eac108f11697e2a17f0da6eafdbfe5b84dfc63
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c01ac0bbfceecfac493be67ae1d6a2211250b6a817a0c50f994bc812b65e1c92
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B316F7272CA9291E630DB18E4526EA6364FF95784F804036E7CDA2A9DDF3CD605CB40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                          • Opcode ID: bbe3d75c1d18d9b252fc65a249d413b32bc9fbcf71b4c61f8ce4d80949566840
                                                                                                                                                                                                                                          • Instruction ID: 73269bf16c7c36cb2fd7b6668ef01582a863a28bdc3c27ceef8061b93424b774
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbe3d75c1d18d9b252fc65a249d413b32bc9fbcf71b4c61f8ce4d80949566840
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81F04F65B1970281FB148B2CE4463796360AFAA761F540635C7AE961F8CF3CE485C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                                                          • Opcode ID: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                                                                                                                                                                                                                                          • Instruction ID: cb31bc333c0557a811c3e7e1670c875c9c41fb14f9447a5b52b8c6b66a5c84d3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a62d4fcbb0970871e45180a1f834c32a3c4d190302dd8db61346826940fa499d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93111C62F28B3341F654216CA54737535806F67360E080EB4EBEEA63DECE6DA9498215
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF6B3BDAB67,?,?,00000000,00007FF6B3BDAE02,?,?,?,?,?,00007FF6B3BD30CC), ref: 00007FF6B3BDB96F
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6B3BDAB67,?,?,00000000,00007FF6B3BDAE02,?,?,?,?,?,00007FF6B3BD30CC), ref: 00007FF6B3BDB98E
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6B3BDAB67,?,?,00000000,00007FF6B3BDAE02,?,?,?,?,?,00007FF6B3BD30CC), ref: 00007FF6B3BDB9B6
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6B3BDAB67,?,?,00000000,00007FF6B3BDAE02,?,?,?,?,?,00007FF6B3BD30CC), ref: 00007FF6B3BDB9C7
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6B3BDAB67,?,?,00000000,00007FF6B3BDAE02,?,?,?,?,?,00007FF6B3BD30CC), ref: 00007FF6B3BDB9D8
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
• Associated: 00000000.00000002.3283370048.00007FF6B3BC0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283431991.00007FF6B3BEB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3BFE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283465871.00007FF6B3C00000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3283509715.00007FF6B3C02000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: verbose
                                                                                                                                                                                                                                          • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff6b3bc0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                          • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                          • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                                          • Opcode ID: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                          • Instruction ID: abf41d058cdebedd86c37b7274019d2f6f329b66a104dc5b2df2bd5550cbd35e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94316D72728A9281E630DB18E4526EA63A4FF95784F804036E7CDA6A9DCF3CD605CB40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF6B3BC39EA), ref: 00007FF6B3BC3EF1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC29E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6B3BC87F2,?,?,?,?,?,?,?,?,?,?,?,00007FF6B3BC101D), ref: 00007FF6B3BC2A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BC29E0: MessageBoxW.USER32 ref: 00007FF6B3BC2AF0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                          • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                                          • Opcode ID: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                          • Instruction ID: 8c7ef3b139a798cae0d2d79584457385ea1798af76fdf220a2956d1e28d066be
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA017161B2D74240FA70972CE8573B52261AF6A785FC00831EACDE629AEE1CE2458700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                                                                          • Opcode ID: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                          • Instruction ID: e0dd45e1c02b13c47a1607380b5d542e33385baf3848a32c2211c38ca2e25af8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09D1D272B18A8189E711CF69D4412EC3771EB65B98B144235DF9DEBB9DDE38D406C340
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                                                                          • Opcode ID: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                          • Instruction ID: b2b7b6a166f67df1c495dcac32d9a469ecd6caac5b20fd06316e9ba0ed7cb1e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5811A921F1C25286FB65976DF5462B92291FFE6B80F848430DB899AB9ECD7CD6C18600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                          • Opcode ID: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                          • Instruction ID: accc11a6e47cdfb177f36665cf884d6d082fda50b7e7ec4402a1c12e623a11a0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63413A12B283A152F7208B2DD40277A5760EFA27A4F104639EFDC96ADDDE3CD441C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B3BD95D6
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BDAF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF6B3BE3392,?,?,?,00007FF6B3BE33CF,?,?,00000000,00007FF6B3BE3895,?,?,00000000,00007FF6B3BE37C7), ref: 00007FF6B3BDAF22
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6B3BDAF0C: GetLastError.KERNEL32(?,?,?,00007FF6B3BE3392,?,?,?,00007FF6B3BE33CF,?,?,00000000,00007FF6B3BE3895,?,?,00000000,00007FF6B3BE37C7), ref: 00007FF6B3BDAF2C
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6B3BCBFE5), ref: 00007FF6B3BD95F4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\I6H1RkEHlX.exe
                                                                                                                                                                                                                                          • API String ID: 3580290477-4233337939
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                          • String ID: Error detected
                                                                                                                                                                                                                                          • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                          • String ID: Fatal error detected
                                                                                                                                                                                                                                          • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.3283397113.00007FF6B3BC1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B3BC0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                          • Opcode ID: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
                                                                                                                                                                                                                                          • Instruction ID: 0853b15a3050f61647bd79676ca0f9d57b72bbc9a5c1ffccd65e94554f1b6b52
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d56ef0e9341907a819310a39eb36239c8511962549d77217a4abb3fc68a978d5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1017C62B2831686FB20AF6D946327E23B0EFA6705F840436D78DD6699DF3CE544CA14

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:0.3%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:31.6%
                                                                                                                                                                                                                                          Total number of Nodes:275
                                                                                                                                                                                                                                          Total number of Limit Nodes:17
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$R_set_debug$R_get_flagsX_get0_cipher
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record
                                                                                                                                                                                                                                          • API String ID: 1830453883-2781224710
                                                                                                                                                                                                                                          • Opcode ID: 5844f7621a1cbe1188d8689772c9c6c5490e683883325f7f9fc13d7db788595b
                                                                                                                                                                                                                                          • Instruction ID: 4d6163cb871a9eb349962d35dad05c1eb02323728ace7315208d5d870e49f9d7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5844f7621a1cbe1188d8689772c9c6c5490e683883325f7f9fc13d7db788595b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D792AF31A0FA86A5FB20DB21D8457B92290FF54BC8F584036DA4E4769DDF7CE895C328
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$R_set_debug$X_get0_md$D_get_sizeR_get_modeX_get0_cipherX_get_iv_length
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c$U$do_ssl3_write
                                                                                                                                                                                                                                          • API String ID: 2155623385-3398879041
                                                                                                                                                                                                                                          • Opcode ID: bca7e7fb3376a335542f5993ff9c45827a35be7171bdc2aead283071b174c52e
                                                                                                                                                                                                                                          • Instruction ID: b2d68e074cea9684367d0c5a9d70f8c937e5d81a6b87a33c98ebda4bfe9dd6ba
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bca7e7fb3376a335542f5993ff9c45827a35be7171bdc2aead283071b174c52e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C572AE32A0AA82A6FB209B21D5447BE23A0FB45BC4F544136DE4D4778DDF7CE865C728

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Y_asn1_find_strY_asn1_get0_info$E_fetchH_fetch$D_get_sizeE_freeH_freeR_pop_to_markR_set_mark
                                                                                                                                                                                                                                          • String ID: $ $ $ $DSA$ECDH$ECDSA$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512$kuznyechik-mac$magma-mac
                                                                                                                                                                                                                                          • API String ID: 4252356852-365409564
                                                                                                                                                                                                                                          • Opcode ID: 7caece2b3d371fe002a5019b5f5ffa2af5cf230c7cefdfd470046396768acd30
                                                                                                                                                                                                                                          • Instruction ID: 1639a871d162b416d55d522a01326fd4ef3a476839d21151a9abcf35bae4ef45
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7caece2b3d371fe002a5019b5f5ffa2af5cf230c7cefdfd470046396768acd30
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2E1B0B2A06B9296E7909F35D4806F837D0FB543D8F085135EF4E46699EF38E1A1C728

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_mallocR_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_write_buffer
                                                                                                                                                                                                                                          • API String ID: 1940814937-2966149938
                                                                                                                                                                                                                                          • Opcode ID: 85afb77f46bc72fdc1d4914c7653f89f6487480f5dafdb57c33bc1f02508be0d
                                                                                                                                                                                                                                          • Instruction ID: 907858165172b5df2b566e2858d79dcfe164e2ee5ca23566692f10c49b0e4d15
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85afb77f46bc72fdc1d4914c7653f89f6487480f5dafdb57c33bc1f02508be0d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83319E62A0AB45A1FB14DB11E8407BA62E4FB04BC4F184530DE8C1774DDF78E961C368

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295738772.00007FF8A8021000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FF8A8020000, based on PE: true
• Associated: 00000002.00000002.3295719381.00007FF8A8020000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.3295834254.00007FF8A814C000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.3295865771.00007FF8A817A000.00000004.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.3295886280.00007FF8A817F000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8020000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 31276548-0
                                                                                                                                                                                                                                          • Opcode ID: 92d82e4b214818c158f58746d604a038a40c5e57c576eefab9a689c2dc8594a3
                                                                                                                                                                                                                                          • Instruction ID: 57d735f945e85d40056ec4ee90a48822f8a745f2d5a9a63695fe27e52b6473c4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92d82e4b214818c158f58746d604a038a40c5e57c576eefab9a689c2dc8594a3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CA1EC25A0FB06A1FF568B46A81077422A1FF69BC4F140539E98E473E0DF7CE5A1C768
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number %d$ssl3_read_bytes
                                                                                                                                                                                                                                          • API String ID: 193678381-3615793073
                                                                                                                                                                                                                                          • Opcode ID: 381c6c421e8021476aeda6a916ac96ac20e7bda4ea2bb99a447231b109823cd9
                                                                                                                                                                                                                                          • Instruction ID: a324bee1279f6bde66cd1839d6d71f9d57cf1ad13da97f39a73e5307210e750a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 381c6c421e8021476aeda6a916ac96ac20e7bda4ea2bb99a447231b109823cd9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2452B231A0FA82A5FB649B11D4403BA36A1EF51BC4F584139CE4E0768DDF7EE895C328

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                                                                                                                                                                                          • API String ID: 0-3323778802
                                                                                                                                                                                                                                          • Opcode ID: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
                                                                                                                                                                                                                                          • Instruction ID: e8d1510d2f0fe095ed84c3d908a88191b1b2da940f3ccc74bb82d87289688e30
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14377edc59a60446f09f780bfe0d0aa6ceb5de1d18d0f26ea132c90706a724b0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1919F72B0BA46A5FB10AFA4E4443B927A0FF44BC8F584536DA4D47699DF3CE446C328

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                                                          • API String ID: 193678381-552286378
                                                                                                                                                                                                                                          • Opcode ID: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                                                                                                                                                                                          • Instruction ID: ed1825333ab0f899fd395a21385d53f29b0af933784cbfb3d6b666f82eba1869
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1edee16b17f7b7a209ddbeed6cd636bdd8764bdbe6572802cc707b3b873bb90e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10A1A032B0A986A6EB64EF65E4543B92360FF40BC8F580036DA4D43699DF3CE945C728

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
                                                                                                                                                                                                                                          • API String ID: 193678381-2714770296
                                                                                                                                                                                                                                          • Opcode ID: 0a675c68133e8178ac648a78a03b7d1437f40432096ecb796daf1537fba5ad51
                                                                                                                                                                                                                                          • Instruction ID: 583efb80db7c6085f3f7d2cba466c552cded43250434f6ef76c6edc7174129ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a675c68133e8178ac648a78a03b7d1437f40432096ecb796daf1537fba5ad51
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6615232A09B81A5EB50CF25E4643B977A0FB54B88F088035DB8D47765EF3CE559C724


                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                                                                                                                                                                                          • API String ID: 2134390360-2964568172
                                                                                                                                                                                                                                          • Opcode ID: c91630741219631a69d9c5f3432363629406958cc77146902cc34db31b5e4eda
                                                                                                                                                                                                                                          • Instruction ID: b8261b8a103b8e418e6a88c3d8fc27f5933366171f8912f2763f556821dd8cf5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c91630741219631a69d9c5f3432363629406958cc77146902cc34db31b5e4eda
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB21A163F0A746A6E740EB35E4512BD2351FF897C8F584231EA8D0378AEF3CE5918664

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: J_nid2snR_fetchR_pop_to_markR_set_mark
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2772354928-0
                                                                                                                                                                                                                                          • Opcode ID: 9d6a64450acf58a63a50e4c19100a97fdf4d2fc7c8484d09c1bb12015f6b24b3
                                                                                                                                                                                                                                          • Instruction ID: 628f5fa924ae06810978aadd65f3a3dc4a762a3459c2d6d13e4dde2f48fb9e58
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d6a64450acf58a63a50e4c19100a97fdf4d2fc7c8484d09c1bb12015f6b24b3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FFF0A001B0BB8111EA44676268451B99550EFA8BC0F0C4434FE8D47BCBEF2CE9424618

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1231514297-0
                                                                                                                                                                                                                                          • Opcode ID: ce68793f5ed94765da0cf06069d6cda8a1f14ed55aa43607596081dc107df58f
                                                                                                                                                                                                                                          • Instruction ID: c9d75ca335c3ecb4f0c803a2c5786897880b3f63b391ed8eb668b981371a0664
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce68793f5ed94765da0cf06069d6cda8a1f14ed55aa43607596081dc107df58f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D31B273B0AA429AE764BE95A48127927B0FF51FC4F5C4431DE4943686DF3CE882C764

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • BUF_MEM_grow_clean.LIBCRYPTO-3(?,?,?,?,-00000031,?,00007FF8A830E9A4), ref: 00007FF8A830E3D7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: M_grow_clean
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 964628749-0
                                                                                                                                                                                                                                          • Opcode ID: ff409e93fcb0d36c1aaad829d7e6a47c84e60de949b34c47c74b208e88b9b461
                                                                                                                                                                                                                                          • Instruction ID: d242ec3d227cecfb0ee5af7239d440a89f93e9f8144ae05f6dfa2146b12b92bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff409e93fcb0d36c1aaad829d7e6a47c84e60de949b34c47c74b208e88b9b461
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80418172B0AA8696EB24AF65E15037927A1EF44BC8F0C8535CE9D47798DF3CE441C724

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                                                                          • Opcode ID: f7c6bf918bb27fd1467e601db5dcc4726319ecb0557afeb55f8d086d6d4849ab
                                                                                                                                                                                                                                          • Instruction ID: b86d8f55ef0a2a628de10c501f3d91c6dcb3c2511c044eee5973a93452fe807a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7c6bf918bb27fd1467e601db5dcc4726319ecb0557afeb55f8d086d6d4849ab
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5319A72A0AB8486E750CF21E400BEA77A0FB85B88F484136EF8D4BB59CF38D5448B14

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          control_flow_graph 1251 7ff8a82b1d43-7ff8a830ec3d call 7ff8a82b1325 BIO_ctrl 1255 7ff8a830ec3f-7ff8a830ec46 1251->1255 1256 7ff8a830ec47-7ff8a830ec58 1251->1256
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrl
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3605655398-0
                                                                                                                                                                                                                                          • Opcode ID: bfe36b7522bdb383b583256963e0cb7d483da4068be122a2aa8aa4264da1dd87
                                                                                                                                                                                                                                          • Instruction ID: 95c8cc273a0d9508bf5eef61472d2bf2bff24bdfeb34312df265121732443f73
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfe36b7522bdb383b583256963e0cb7d483da4068be122a2aa8aa4264da1dd87
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8E0D8F2F0240246F71097A99446B6812A0EF48754F580030DA0C87682E76EE8D28618
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FF8A82CFEB9), ref: 00007FF8A82D5D22
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FF8A82CFEB9), ref: 00007FF8A82D5D3A
                                                                                                                                                                                                                                          • ERR_set_error.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FF8A82CFEB9), ref: 00007FF8A82D5D4B
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FF8A82CFEB9), ref: 00007FF8A82D5D7B
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FF8A82CFEB9), ref: 00007FF8A82D5D93
                                                                                                                                                                                                                                          • ERR_set_error.LIBCRYPTO-3(?,?,00000000,00000000,00000000,00007FF8A82CFEB9), ref: 00007FF8A82D5DA4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$dane_tlsa_add
                                                                                                                                                                                                                                          • API String ID: 1552677711-3143159635
                                                                                                                                                                                                                                          • Opcode ID: 9e9553dd80f821e3d250195d58a09db151d301376fc2de9370bc1de1367aaf91
                                                                                                                                                                                                                                          • Instruction ID: 8a87a068dc102339bf462c239a3aa22629b9ffa0f1e68dfb47715a1ce71ba0ce
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e9553dd80f821e3d250195d58a09db151d301376fc2de9370bc1de1367aaf91
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF02AE26B1EA56B2FB50E720E8426B92250FF517C0F988831DA4D036D6EF7CF5468778
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$memcpy$D_get_sizeL_cleanseX_newX_reset$O_ctrl
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls13_enc.c$CLIENT_EARLY_TRAFFIC_SECRET$CLIENT_HANDSHAKE_TRAFFIC_SECRET$CLIENT_TRAFFIC_SECRET_0$EARLY_EXPORTER_SECRET$EXPORTER_SECRET$SERVER_HANDSHAKE_TRAFFIC_SECRET$SERVER_TRAFFIC_SECRET_0$c ap traffic$c e traffic$c hs traffic$e exp master$exp master$finished$res master$s ap traffic$s hs traffic$tls13_change_cipher_state
                                                                                                                                                                                                                                          • API String ID: 3475700188-318917415
                                                                                                                                                                                                                                          • Opcode ID: b29c2bc6028ee1f1bb12059b3d6d67ed1f873342f9f61c88aa7ef0c1339314fb
                                                                                                                                                                                                                                          • Instruction ID: 1f4f85c0f62738ca8a2be6ac9955c07b6906698d507e20e7a2aaee869793323f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b29c2bc6028ee1f1bb12059b3d6d67ed1f873342f9f61c88aa7ef0c1339314fb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0328C22A0AB42A6FB14DB61E9407F967A4FB847C4F440136EE4C43B99EF3CE555C728
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$R_set_debug$O_free$memcmp$X_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_as_hello_retry_request$tls_process_server_hello
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c$AEAD$AES(128)$AES(256)$AESCCM(128)$AESCCM(256)$AESCCM8(128)$AESCCM8(256)$AESGCM(128)$AESGCM(256)$ARIAGCM(128)$ARIAGCM(256)$CHACHA20/POLY1305(256)$Camellia(128)$Camellia(256)$DHEPSK$ECDH$ECDHEPSK$GOST$GOST18$GOST2012$GOST89$GOST89(256)$GOST94$KUZNYECHIK$MAGMA$MD5$None$PSK$RSA$RSAPSK$SEED(128)$SHA1$SHA256$SHA384$SRP$SSL_CIPHER_description$any$unknown
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$L_sk_free$D_freeD_get0_providerL_sk_pop_free$E_free$D_lock_freeH_freeO_free_ex_dataO_secure_freeR_freeR_get0_providerX509_
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$R_newR_set_debug$R_set_error$D_lock_freeL_cleanse$D_lock_newL_sk_pop_freeO_clear_freeO_free_ex_dataO_new_ex_dataO_zallocX509_free_time64memcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_new$ssl_get_new_session
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error$O_mallocstrncmp
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c$ALL:!COMPLEMENTOFDEFAULT:!eNULL$DEFAULT$ssl_create_cipher_list
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\rec_layer_d1.c$do_dtls1_write
                                                                                                                                                                                                                                          • API String ID: 193678381-4025505965
                                                                                                                                                                                                                                          • Opcode ID: a7c7b7fc5af5383dc9e08314b4fe858693127c5e4806d23078acf27cddb7bcef
                                                                                                                                                                                                                                          • Instruction ID: 03f20e18ff5bc5b34d626f18c15474697e7a20988a4de88563bea1c341efc6d4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7c7b7fc5af5383dc9e08314b4fe858693127c5e4806d23078acf27cddb7bcef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BEF19B32A0AA82A6E724DB65D8047BD33A0FB54BC8F084136DE4D47699DF7CE816C724
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_dupN_free$O_freeO_strdup$R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c$ssl_srp_ctx_init_intern
                                                                                                                                                                                                                                          • API String ID: 2354240759-1794268454
                                                                                                                                                                                                                                          • Opcode ID: c98abb5af24d66d9a004150ee76f33fb4d169395e3b77ac11ed95962e5c191e9
                                                                                                                                                                                                                                          • Instruction ID: a912bfe027348d3fcc068f60fc78c7cb072809ec65bd253801742cc7ed455cdc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c98abb5af24d66d9a004150ee76f33fb4d169395e3b77ac11ed95962e5c191e9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74A18022A1BF82A1EB44DF24C5507B87360FB55B88F584235EE4C47399EF78E5A6C324
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$X_free
                                                                                                                                                                                                                                          • String ID: $ $..\s\ssl\statem\statem_srvr.c$tls_process_cke_gost18
                                                                                                                                                                                                                                          • API String ID: 1470995052-4050591057
                                                                                                                                                                                                                                          • Opcode ID: 5b3c2a2a09d53af87e15bfb03ead91d3a04a26f3d1e54f3233eba0e1f7874035
                                                                                                                                                                                                                                          • Instruction ID: fdc0e994cb27a727046cd5a8e2b53055de9696dbe27f26db8de17960ee207eaf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b3c2a2a09d53af87e15bfb03ead91d3a04a26f3d1e54f3233eba0e1f7874035
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0819E21B1AA42A5F750EB21E812AF92251FFA4BC0F580132DD4E03696EF3CE5058768
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8A8314E8C), ref: 00007FF8A8313D7D
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FF8A8314E8C), ref: 00007FF8A8313D95
                                                                                                                                                                                                                                          • memset.VCRUNTIME140(00000000,?,?,?,?,?,?,00007FF8A8314E8C), ref: 00007FF8A8313DB2
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,00007FF8A8314E8C), ref: 00007FF8A8313DF6
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,00007FF8A8314E8C), ref: 00007FF8A8313E0E
                                                                                                                                                                                                                                          • OPENSSL_cleanse.LIBCRYPTO-3(?,?,?,?,?,?,00007FF8A8314E8C), ref: 00007FF8A8313FCD
                                                                                                                                                                                                                                          • OPENSSL_cleanse.LIBCRYPTO-3(?,?,?,?,?,?,00007FF8A8314E8C), ref: 00007FF8A8313FDC
                                                                                                                                                                                                                                          • CRYPTO_clear_free.LIBCRYPTO-3(?,?,?,?,?,?,00007FF8A8314E8C), ref: 00007FF8A8313FF4
                                                                                                                                                                                                                                          • CRYPTO_clear_free.LIBCRYPTO-3(?,?,?,?,?,?,00007FF8A8314E8C), ref: 00007FF8A831400C
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_cleanseO_clear_freeR_newR_set_debug$memset
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_psk_preamble
                                                                                                                                                                                                                                          • API String ID: 1611825735-1354659140
                                                                                                                                                                                                                                          • Opcode ID: f0b0c6ae9f2a3a96f58f045c612ed7969a4f6f77dd9cd9943b53f95771b2aa98
                                                                                                                                                                                                                                          • Instruction ID: aec5e3a4c38beeed58f09919c4976e453505dae9cbd33d3e25ed45c2b195deab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0b0c6ae9f2a3a96f58f045c612ed7969a4f6f77dd9cd9943b53f95771b2aa98
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A718061B2AE8271FB10EB61E8417FA6214FF95BC4F480432DD4D4769AEF3CE5068768
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeR_newR_set_debug$memcpy$N1_item_free$O_strndupR_set_errorX509_free_time64
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_asn1.c$d2i_SSL_SESSION
                                                                                                                                                                                                                                          • API String ID: 1562032665-384499812
                                                                                                                                                                                                                                          • Opcode ID: f2b67360e93cc7c251f19407536e2c8d2d71b12425aaf939140afabcc349f3e2
                                                                                                                                                                                                                                          • Instruction ID: 8d0d704c8506b05cdd50b4b263815605f83fff51cfc7cfc10ec63a17e509219f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2b67360e93cc7c251f19407536e2c8d2d71b12425aaf939140afabcc349f3e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ACD118A2A0AB82A2EB95DF25D5913B833A4FB44BC4F484035DF8D47799DF38E551C328
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$O_clear_free$L_cleanse$O_freeY_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_ecdhe$tls_construct_cke_srp$tls_construct_client_key_exchange
                                                                                                                                                                                                                                          • API String ID: 3489626184-1288966340
                                                                                                                                                                                                                                          • Opcode ID: 291a65c868d8b8358ca95efb77113d199af24f8ed542b2b584cc2aca592cbcb3
                                                                                                                                                                                                                                          • Instruction ID: 6811f4d05f7f3ce9eaa5e44fe770543dbc6666903b7db1732ee7ceb7cba5f517
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 291a65c868d8b8358ca95efb77113d199af24f8ed542b2b584cc2aca592cbcb3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0915661A1BA82A1FB50EB61A8127B92251FF91FC4F5C4832DD4D0779ADF3CE5428378
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$D_bytes_exD_get_size
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$construct_stateful_ticket$resumption$tls_construct_new_session_ticket
                                                                                                                                                                                                                                          • API String ID: 2724910838-1194634662
                                                                                                                                                                                                                                          • Opcode ID: 83a896fb222f9e5a3405d92e4efc941d066606fdf2a9b4053111e6681aa10e3f
                                                                                                                                                                                                                                          • Instruction ID: a29c66dcb377b6b4028287bf3b52e1706fb61c9420f15dcf1f6b7a92cdf9e296
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83a896fb222f9e5a3405d92e4efc941d066606fdf2a9b4053111e6681aa10e3f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1D1BD32A1AB82A6EB10DB66D8456F96760FFA5BC4F480032DE4C47796EF3DE541C324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,00007FF8A8314ED9), ref: 00007FF8A8312F9A
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,00007FF8A8314ED9), ref: 00007FF8A8312FB2
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,00007FF8A8314ED9), ref: 00007FF8A8312FE0
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,00007FF8A8314ED9), ref: 00007FF8A8312FF8
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-3(00000000,?,?,?,?,00007FF8A8314ED9), ref: 00007FF8A8313163
                                                                                                                                                                                                                                          • EVP_PKEY_free.LIBCRYPTO-3(00000000,?,?,?,?,00007FF8A8314ED9), ref: 00007FF8A831316B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$O_freeY_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_dhe
                                                                                                                                                                                                                                          • API String ID: 110670684-1216912219
                                                                                                                                                                                                                                          • Opcode ID: 395510645b137c47f07bacaa1f9a23a7a743694a654ff85290700790d89b11ba
                                                                                                                                                                                                                                          • Instruction ID: 29f8fbabea8afc677225ccb81f1e7bffc4545c9e04a1057b161d81f0c35888d4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 395510645b137c47f07bacaa1f9a23a7a743694a654ff85290700790d89b11ba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B51C021B1EB4761FB10E7A2A815AB96241EF95FD4F484431DD4D07B8AEF7CF5068328
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error$O_freeO_mallocO_zalloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_hm_fragment_new
                                                                                                                                                                                                                                          • API String ID: 116187201-3452528785
                                                                                                                                                                                                                                          • Opcode ID: fe3d50635c5dad81642564eacd2de79c024f78d0fdea9b7383dc89e421b6f0e8
                                                                                                                                                                                                                                          • Instruction ID: 40d30375b090d8748e236197d4af08a978c45318089c7f081efd2fd9ac849aca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe3d50635c5dad81642564eacd2de79c024f78d0fdea9b7383dc89e421b6f0e8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54418222A1AE42B5EB50DF25E4415A93350FF64BC1F480431DA4D43A96EF3CF546C768
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newstrncmp$R_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c$SECLEVEL=$STRENGTH$ssl_cipher_process_rulestr
                                                                                                                                                                                                                                          • API String ID: 1163294807-331183818
                                                                                                                                                                                                                                          • Opcode ID: 75b08b654c2f2e97f5e09b9c71eb3839d8696c64fca3119346ee776943bfacbe
                                                                                                                                                                                                                                          • Instruction ID: fc67fa93ac4998f787d449229f40b17edcdbb77061b2fcbb8546acb24a80644c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75b08b654c2f2e97f5e09b9c71eb3839d8696c64fca3119346ee776943bfacbe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EE1A0B2A1E6829EF7748A29A44077A77F1FB447C4F145035EF8D43698DB3CE8418B28
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$O_freeR_set_debug$O_strdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c$final_server_name$p
                                                                                                                                                                                                                                          • API String ID: 3774429508-428839542
                                                                                                                                                                                                                                          • Opcode ID: a3e9257f2e8818161d247c39271903df726ba5826a3275d388ee6d0be3dc4edf
                                                                                                                                                                                                                                          • Instruction ID: 9a07e3ba6a1bb4d5c8e5acd20382d8c216cb9494bc2122819ea799bd68ddf5d2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3e9257f2e8818161d247c39271903df726ba5826a3275d388ee6d0be3dc4edf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F681A132B0AA82A6EB519B25D4443B92760FB91BC4F484132DE4D0779ECFBCE951C768
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$O_freeO_memdupmemcmp
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$tls_handle_alpn
                                                                                                                                                                                                                                          • API String ID: 2318126703-2192547331
                                                                                                                                                                                                                                          • Opcode ID: 1b4f6adfb6fb3290d486012925d32bd95aa5d00e0c2047962478a8a2109de9cd
                                                                                                                                                                                                                                          • Instruction ID: ddf6ce2b9b81fe86ff8d897d039aef52f31d898dfc2b89b8c3b2d2e87509cc10
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b4f6adfb6fb3290d486012925d32bd95aa5d00e0c2047962478a8a2109de9cd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED61D272B0AA82A5E751EF25E4006E96350FB94BC4F4C0432DE8C07795EF7CE196C768
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error$O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_clear
                                                                                                                                                                                                                                          • API String ID: 71491925-3113474232
                                                                                                                                                                                                                                          • Opcode ID: 2095472d90ff3dc08af0a84f1048bf2662dd309149ed0cc4102f33ebd4f18d4f
                                                                                                                                                                                                                                          • Instruction ID: 9327694ae8bd9abe9f5176c9be8bacc57a666396418d8449a70e171c6f80d48d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2095472d90ff3dc08af0a84f1048bf2662dd309149ed0cc4102f33ebd4f18d4f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04514C76A0AA8291E740EF21D8816BC33A4FB94BD8F484136DE5D4B69ADF38D481C735
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_copyN_free$N_dup$O_freeO_strdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                          • API String ID: 3070725730-1778748169
                                                                                                                                                                                                                                          • Opcode ID: df38dbacce64862afa0680bc413e1b11140b6e2546048526193d0fc8ec849a9d
                                                                                                                                                                                                                                          • Instruction ID: d15038bafa1cb42a7dce35e2e02db1e99a56bf0a470b9fc914d7ad557008dd14
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df38dbacce64862afa0680bc413e1b11140b6e2546048526193d0fc8ec849a9d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0417F26A0BE4391FF55AF2594506B822A0EF40FC4F9C0635DD9D0B78DDF6CA861C228
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error$O_realloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$dane_mtype_set
                                                                                                                                                                                                                                          • API String ID: 945340710-1331952108
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$Y_free$L_sk_pop_freeO_clear_freeO_popmemset
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 4258461131-4238427508
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$D_bytes_exO_freeO_mallocR_set_debug
                                                                                                                                                                                                                                          • String ID: $..\s\ssl\statem\statem_srvr.c$tls_construct_certificate_request
                                                                                                                                                                                                                                          • API String ID: 2305228085-266924759
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$memcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                          • API String ID: 1144371060-3140652063
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error$D_lock_newO_freeO_zalloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$ssl_cert_new
                                                                                                                                                                                                                                          • API String ID: 1324884158-262037048
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_free$O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                          • API String ID: 3506937590-1778748169
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_free$O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                                          • API String ID: 3506937590-1778748169
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_free$memcpy$L_cleanseO_mallocmemset
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 2649524955-4238427508
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$R_set_debug$O_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_cert_status_body
                                                                                                                                                                                                                                          • API String ID: 2635154176-3889181619
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_flagsO_set_dataO_set_initO_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\bio_ssl.c$ssl_new
                                                                                                                                                                                                                                          • API String ID: 3664107999-4057307684
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocR_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$P$U$[$`$tls_process_cert_status_body
                                                                                                                                                                                                                                          • API String ID: 4191474876-1928312256
                                                                                                                                                                                                                                          • Opcode ID: afe5790327c58893b51aedb21fdbb60031cf3104a4b5006bd1ff8237bc9c673d
                                                                                                                                                                                                                                          • Instruction ID: 24ac73f3867cb53d79768b146a5e1b2a952e31bc7a864fcd79f1ebc3b01b781c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afe5790327c58893b51aedb21fdbb60031cf3104a4b5006bd1ff8237bc9c673d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9531B261A0BF81A5EB009B5298442B977A0FB45FC0F584436DE8E47795EF7CE1568318
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_newL_sk_pushL_sk_sortO_freeO_mallocP_get_nameP_get_typeP_zlib
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                                          • API String ID: 439358363-1847046956
                                                                                                                                                                                                                                          • Opcode ID: ca5298499ed06fed10ddc4ea8fc59caf3b95fe992f612a6575fa8e4e939db649
                                                                                                                                                                                                                                          • Instruction ID: 827ec018979ecdf24611b0418f203bcf107e5ff581e5883eb58d07657a831102
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca5298499ed06fed10ddc4ea8fc59caf3b95fe992f612a6575fa8e4e939db649
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0110D60E0AE02A1FB04EF66B9592B56695FFA47C0F580035D90D0639AEF6CE1418738
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3719493655-0
                                                                                                                                                                                                                                          • Opcode ID: 0c22d9056acb871eddf48ff6985902c40c9bac8e0db102ec70c3771e64610527
                                                                                                                                                                                                                                          • Instruction ID: 53701aa187769a50548a3b2afe364f30c0a9810b452aaf65d52cc1a3ddf86449
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c22d9056acb871eddf48ff6985902c40c9bac8e0db102ec70c3771e64610527
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19022672F0EE92A2E7268B24D44467977A5FB857C4F585131D68E827D4EF3CE880C328
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 313767242-0
                                                                                                                                                                                                                                          • Opcode ID: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
                                                                                                                                                                                                                                          • Instruction ID: 5e40234432ef5b45393919d879aa8a1731261a945b0e343de807cac0a0541ad9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9315E7260AF8196EB618F60E8503ED7360FB84788F44443ADA4E57B98EF3CD649C724
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c$tls1_set_shared_sigalgs
                                                                                                                                                                                                                                          • API String ID: 3444577743-2900495476
                                                                                                                                                                                                                                          • Opcode ID: 2b54e1e7b8c55dac4ff1a2f827b4cdee1558097b5367ae047d6e27075aa84e29
                                                                                                                                                                                                                                          • Instruction ID: a78c62b703ba47ecc34b6e67ddb960ca6184c146d8423fdd6b9d6c42f4b9dda4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b54e1e7b8c55dac4ff1a2f827b4cdee1558097b5367ae047d6e27075aa84e29
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98819422A4A652A6F7659B01D1057BA2AA5FF44BC0F9D4031EE8D077D8EF3CE851C36C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeR_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c$tls1_set_server_sigalgs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_client_hello_get1_extensions_present
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$R_newR_set_debugX_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_as_hello_retry_request
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$O_malloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdupR_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c$D:\a\1\s\include\internal/packet.h$tls_parse_stoc_cookie
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_strdupR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_use_psk_identity_hint
                                                                                                                                                                                                                                          • API String ID: 598019968-3050056966
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_newL_sk_pushL_sk_sortO_freeO_mallocP_get_type
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c
                                                                                                                                                                                                                                          • API String ID: 2104156618-1847046956
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_flagsO_freeO_get_dataO_get_initO_get_shutdownO_set_init
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\bio_ssl.c
                                                                                                                                                                                                                                          • API String ID: 3531300166-4039210333
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
• Associated: 00000002.00000002.3295909481.00007FF8A8190000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A8195000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A81F2000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A823E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A8242000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A8247000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A829F000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3296139104.00007FF8A82A2000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3296159053.00007FF8A82A4000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4139299733-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_run_onceL_sk_findL_sk_valueR_fetchR_get_flags
                                                                                                                                                                                                                                          • String ID: NULL
                                                                                                                                                                                                                                          • API String ID: 186275343-324932091
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_unlockD_write_lockH_deleteH_set_down_loadL_sk_new_nullL_sk_pop_freeL_sk_push
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3753489959-0
                                                                                                                                                                                                                                          • Opcode ID: 9914aa009bf2706d232257a00a4532145c802b777111d464466de2946ea53f60
                                                                                                                                                                                                                                          • Instruction ID: 8483736e2dc4e654585f0b4b996641a3337a4b23015a152635c852dce0a099ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9914aa009bf2706d232257a00a4532145c802b777111d464466de2946ea53f60
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E214421B0AA82A6EF64AF16D5452B96750FF95BC4F0C4031EE4D4BB8ADF7CE4118624
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: C_freeO_freeO_zallocX_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c$HMAC
                                                                                                                                                                                                                                          • API String ID: 1369405219-2203423191
                                                                                                                                                                                                                                          • Opcode ID: 99c0f417389e3b353b54abd066b1e68878303dbd4918a570d850ad37f43cb307
                                                                                                                                                                                                                                          • Instruction ID: 2f75bcac86b18dba155c4bd193e8651df3df490be502af0badf083cd25cf608d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99c0f417389e3b353b54abd066b1e68878303dbd4918a570d850ad37f43cb307
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86217121B0BE82A1EA54DB26F45127D5790FF58BC0F8C0035EA5D47B8AFF2CE4818728
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\crypto\packet.c$WPACKET_start_sub_packet_len__
                                                                                                                                                                                                                                          • API String ID: 3755831613-182491764
                                                                                                                                                                                                                                          • Opcode ID: c24971b285db655ec1f09dd86150250d1c9e63bb8f1a94002749296bda690d79
                                                                                                                                                                                                                                          • Instruction ID: 9a27d17552a1fef1a86d6029ee502fcbefbfd838435143a1c62256649e8907ef
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c24971b285db655ec1f09dd86150250d1c9e63bb8f1a94002749296bda690d79
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2521D162A0AB4191EB48CB14E5853B863A4FF28BC4F484135DE4C43799EF3CD9A1C358
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\crypto\packet.c$WPACKET_start_sub_packet_len__
                                                                                                                                                                                                                                          • API String ID: 3755831613-182491764
                                                                                                                                                                                                                                          • Opcode ID: 1e86a7e218a2b9a8da94cbb508a3880bb7488e5f87c8f8817e4e08ba21853980
                                                                                                                                                                                                                                          • Instruction ID: 0b2d3196fab70c644de57ac5dc4cf482f79429e0c1ad45f3c6d5f0db6c843e0a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e86a7e218a2b9a8da94cbb508a3880bb7488e5f87c8f8817e4e08ba21853980
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A60171B2A07F41A1E704EB60E8857A932A0FB28BC4F584534D94C47795EF3DE9D5C364
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FF8A831ADAD), ref: 00007FF8A831B260
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FF8A831ADAD), ref: 00007FF8A831B276
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FF8A831ADAD), ref: 00007FF8A831B28B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A831A930: CRYPTO_zalloc.LIBCRYPTO-3(?,00007FF8A8319E38), ref: 00007FF8A831A96B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A831A930: ERR_new.LIBCRYPTO-3(?,00007FF8A8319E38), ref: 00007FF8A831A978
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A831A930: ERR_set_debug.LIBCRYPTO-3(?,00007FF8A8319E38), ref: 00007FF8A831A98E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A831A930: ERR_set_error.LIBCRYPTO-3(?,00007FF8A8319E38), ref: 00007FF8A831A99E
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-3(?,00000000,?,?,?,00007FF8A831ADAD), ref: 00007FF8A831B41D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                          • API String ID: 346603204-3140652063
                                                                                                                                                                                                                                          • Opcode ID: ef80318c4711b4b759b5a82d33388bf0b19f1c365fadacbfa456b2f4d669c9f1
                                                                                                                                                                                                                                          • Instruction ID: 58e5d7ef54e7ad28c06a87dbd14ab9fd70f92e35608e8e1340544540cfab08b9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef80318c4711b4b759b5a82d33388bf0b19f1c365fadacbfa456b2f4d669c9f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9DA1AF62A0AE8992EF60CB25D8401BE77A0FB55BC4F484236DB8D47A46EF3CE195C714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$O_zallocR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                          • API String ID: 1732214594-3140652063
                                                                                                                                                                                                                                          • Opcode ID: c868d4dfd6a9f340cca338141042200f4263b2814b26827709e83c5bbcc14bd7
                                                                                                                                                                                                                                          • Instruction ID: 1d543067acc4b1a02719cd290ebea74f0dcd0ad769d9ebeda7f2955700a43dfe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c868d4dfd6a9f340cca338141042200f4263b2814b26827709e83c5bbcc14bd7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F518C7260AB8191DB58CB26D4903AD77A0FB88F84F484436DF8D43359DF38D4A1C364
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_freeR_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_client_key_exchange_post_work
                                                                                                                                                                                                                                          • API String ID: 868266018-2346923134
                                                                                                                                                                                                                                          • Opcode ID: 8060d9e474b776b1f00bca5609e53e321598cfed9c70609c30f4c190388fec38
                                                                                                                                                                                                                                          • Instruction ID: c501c0f53755d331e2399c345ebbb4b7b91e36af40b11c453863b4ca5abfcf53
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8060d9e474b776b1f00bca5609e53e321598cfed9c70609c30f4c190388fec38
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34219222B1AB8265FB44DB62E4057BA5250FF54FC4F484032ED8D4778ADF2DE5428764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_mallocR_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_read_buffer
                                                                                                                                                                                                                                          • API String ID: 4191474876-3943321158
                                                                                                                                                                                                                                          • Opcode ID: 7179749567c24ff9b156b58983e49f78a4e1d6337738c05156663fbc9d39120b
                                                                                                                                                                                                                                          • Instruction ID: 162195acf9be3b9551e2a89306c61c6d9d4fd05d6845b410f510993affee0839
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7179749567c24ff9b156b58983e49f78a4e1d6337738c05156663fbc9d39120b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0721F672F1AB5192FB549724E8417B862A0FB48BC0F480131EE5C83789DF6CECA2C758
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A831A930: CRYPTO_zalloc.LIBCRYPTO-3(?,00007FF8A8319E38), ref: 00007FF8A831A96B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A831A930: ERR_new.LIBCRYPTO-3(?,00007FF8A8319E38), ref: 00007FF8A831A978
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A831A930: ERR_set_debug.LIBCRYPTO-3(?,00007FF8A8319E38), ref: 00007FF8A831A98E
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A831A930: ERR_set_error.LIBCRYPTO-3(?,00007FF8A8319E38), ref: 00007FF8A831A99E
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A831AE8F
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A831AEA5
                                                                                                                                                                                                                                          • CRYPTO_free.LIBCRYPTO-3 ref: 00007FF8A831AEBA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                                          • API String ID: 346603204-3140652063
                                                                                                                                                                                                                                          • Opcode ID: 9b9e8fd4d713e6cee07f68fd58ce453d2ce1779889e7761b0fcc791db32be2a0
                                                                                                                                                                                                                                          • Instruction ID: c098945ee965935266e05fe4fcd1618277e7c23c7ab6b0f46ade8b57417020fd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9b9e8fd4d713e6cee07f68fd58ce453d2ce1779889e7761b0fcc791db32be2a0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C61BF62A0AF8292EF54CB25D4502BD63A0FB98BC1F084135EF8D47B95EF3CE5918724
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CRYPTO_realloc.LIBCRYPTO-3(?,?,?,00007FF8A8306F5A,?,?,?,00007FF8A8306A2E), ref: 00007FF8A8306D55
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_realloc
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c$3$t3
                                                                                                                                                                                                                                          • API String ID: 3931833713-171970420
                                                                                                                                                                                                                                          • Opcode ID: 9da2ee7f6ed94abba490b0466ec77b29cf4090a823a2c5c8fbc810d45b3f436b
                                                                                                                                                                                                                                          • Instruction ID: ef0c1cf97b41e0661fc90ec0158155475bfc1ece73e364efb303e4f104751675
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9da2ee7f6ed94abba490b0466ec77b29cf4090a823a2c5c8fbc810d45b3f436b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD418072A0AF8195EB64CB4AD880229A6F4EF447C4F588131DE8D43768EF3DE442C719
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-3973221358
                                                                                                                                                                                                                                          • Opcode ID: 9486b742b922ef7872c7a8d4928c7cb15fe9ed31e87cc66f9c1e352f56a3f0e9
                                                                                                                                                                                                                                          • Instruction ID: 1baaeb6d46f7345c5582a4302152cb06dd85ae44d97d01caf93a2817dbb04765
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9486b742b922ef7872c7a8d4928c7cb15fe9ed31e87cc66f9c1e352f56a3f0e9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90118E32B1AE42A1EB109B55F4413AE6360FB84BC4F184036EA8C47759DF7DE141C754
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free$Y_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 3642664693-1080266419
                                                                                                                                                                                                                                          • Opcode ID: a83b87e8f4fad10c5807a6a3c298eabe0426f8a3901183c89c0b6494ee05255a
                                                                                                                                                                                                                                          • Instruction ID: df0294ab31746c5a73dd69a825d104fbf397c14bd18a6996cd305d992adeb001
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a83b87e8f4fad10c5807a6a3c298eabe0426f8a3901183c89c0b6494ee05255a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3E01A45F0BA02A0FB04A765D8522B81210EF56BC0F584831DE4D4AB96EF1DE5528629
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_read_lockD_unlockH_retrievememcpy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2272600717-0
                                                                                                                                                                                                                                          • Opcode ID: c69d3c574ace1660c03a52d6659538a827bdf0905eeedaf59d9631c44bfb8f24
                                                                                                                                                                                                                                          • Instruction ID: c321eb3fb240d37bcf7070de9e0559dc4cf0f00d812fbc1cbca0214f50511ce3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c69d3c574ace1660c03a52d6659538a827bdf0905eeedaf59d9631c44bfb8f24
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B11E921B1DBC196EB64EB25E4513BEB358FB98BC4F180031DA8C8379AEF2CD1118B14
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_strdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_conf.c
                                                                                                                                                                                                                                          • API String ID: 2148955802-1527728938
                                                                                                                                                                                                                                          • Opcode ID: 1611209a176ae3b55ce8e3739aee067fd5bde5e7163b2c59ca7aaa397ffcbb6e
                                                                                                                                                                                                                                          • Instruction ID: 94d98acdfc253cf1a839e57613b1741c2e5eee746a680f06794c7b875d3fff34
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1611209a176ae3b55ce8e3739aee067fd5bde5e7163b2c59ca7aaa397ffcbb6e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B511C2F1B0AB82A1FB618755E18023D56A1FB44BC0F085435EB5E07B5EDF2CE4958318
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                                          • API String ID: 3962629258-2868363209
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeO_memdup
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                                          • API String ID: 3962629258-4238427508
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_freeX_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                          • API String ID: 2813942177-1643863364
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\crypto\packet.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-3021818708
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\crypto\packet.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-3021818708
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                                          • API String ID: 2581946324-1643863364
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1724170673-0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1724170673-0
                                                                                                                                                                                                                                          • Opcode ID: fe72d2f47833ff62f6eb34b41bf5ce1617c7cf36ca78cf4de7d7052a520eb316
                                                                                                                                                                                                                                          • Instruction ID: e4ea9745195b05cf25d2945a12df49c1886a3cc95fedc07009729e01384ff0d1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe72d2f47833ff62f6eb34b41bf5ce1617c7cf36ca78cf4de7d7052a520eb316
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3411A511B0AA8192EB45DF25E4843B91650FF88BC4F5C4030EE4D4B69ADF6DD4414724
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1724170673-0
                                                                                                                                                                                                                                          • Opcode ID: 98599c86363d3f056cccf1b243fa6d626a799a01397ef12d8bfac5c70b291642
                                                                                                                                                                                                                                          • Instruction ID: 746d6d320e65e92113609635cf4a634ddf28db64f4b5afaa580ec6006fa5a389
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98599c86363d3f056cccf1b243fa6d626a799a01397ef12d8bfac5c70b291642
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BCE0E522B0AA8191EB40A712F4413BD6250EB48BC4F1C0031FF4C4779AEF2CC5814215
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2788248766-0
                                                                                                                                                                                                                                          • Opcode ID: b5a219c8196130646d0c65d40c7297d186f2a1cae857866210e82eb57502604f
                                                                                                                                                                                                                                          • Instruction ID: a23afd1384162b622df79f4e6bbe4bb42fdd6886693236edee3866571319cd07
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5a219c8196130646d0c65d40c7297d186f2a1cae857866210e82eb57502604f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8D0C916F1794296EB48B37A9D9A1B902D0FB80790FD88434E10DC2A91EE1ED9A74615
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_memcmp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2788248766-0
                                                                                                                                                                                                                                          • Opcode ID: b5a219c8196130646d0c65d40c7297d186f2a1cae857866210e82eb57502604f
                                                                                                                                                                                                                                          • Instruction ID: 409d5b21b1aa44e64dc749bad2c68675f35eccda8b35577cdac1d7a6e1c82a3e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5a219c8196130646d0c65d40c7297d186f2a1cae857866210e82eb57502604f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FCD0C916F1794292EB48B37A9D961A902D0EB807D0FD88434E10EC2A91EE1DD9A78A15
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_run_once
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1403826838-0
                                                                                                                                                                                                                                          • Opcode ID: 4f13601369e88f98588c512a419e52cf2cbcb6989ded8b87b4034605507163d8
                                                                                                                                                                                                                                          • Instruction ID: c70e6444df5508df3050cef1c26b51269adcf68bc2cada5c6a8dbb4211d0bece
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4f13601369e88f98588c512a419e52cf2cbcb6989ded8b87b4034605507163d8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9D0A764F07803B6F748B738EC6B0B23250EF943C0F804036D40E82165EF1CE9068364
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error$L_sk_set_cmp_funcX509_$E_freeM_read_bio_O_freeX509X509_free$E_dupErrorL_sk_findL_sk_pushLastO_ctrlO_newO_s_fileO_snprintfR_clear_errorR_endR_readX509_get_subject_name_errno_stat64i32
                                                                                                                                                                                                                                          • String ID: %s/%s$..\s\ssl\ssl_cert.c$SSL_add_dir_cert_subjects_to_stack$SSL_add_file_cert_subjects_to_stack$calling OPENSSL_dir_read(%s)
                                                                                                                                                                                                                                          • API String ID: 2506108043-502574948
                                                                                                                                                                                                                                          • Opcode ID: 3e7396230678ba830db3e7ccb49d7ba82c152a1171f5fcb19e7bb87ff9ee3b0d
                                                                                                                                                                                                                                          • Instruction ID: fbd163f4ca833a653b06dbb7cce72f2f8c35639d1be79ac0b515d637903ca331
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e7396230678ba830db3e7ccb49d7ba82c152a1171f5fcb19e7bb87ff9ee3b0d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8991B6A1A1EA8261F750EB11A4523FE6250EF947C0F984031EE8D4379AEF3CE506C72D
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_set_debug$M_construct_octet_string$R_newR_set_errorX_free$D_get0_nameD_get_sizeF_deriveF_fetchF_freeM_construct_endM_construct_intM_construct_utf8_stringX_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls13_enc.c$TLS13-KDF$data$digest$key$label$mode$prefix$tls13 $tls13_hkdf_expand
                                                                                                                                                                                                                                          • API String ID: 2131617303-57965188
                                                                                                                                                                                                                                          • Opcode ID: c1bfe6db9c518b8f57ed47cfd29ba08204af4eda2012a5f786026bc60db0dfae
                                                                                                                                                                                                                                          • Instruction ID: 8aef6b521b9cb0b37d2c4ca321846f568e96d191d4604f47dec74aaca624a370
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1bfe6db9c518b8f57ed47cfd29ba08204af4eda2012a5f786026bc60db0dfae
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DA1AD22E09E86A5E721DF64D8426F96720FFA57C8F085231EE4C1765AEF3CE285C314
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_X_set0_default$E_freeH_freeM_read_bio_O_freeR_newX509X509_free$E_dupH_newH_retrieveL_sk_new_nullL_sk_pop_freeO_ctrlO_newO_s_fileR_clear_errorR_set_debugR_set_errorX509_get_subject_nameX509_new_ex
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$SSL_load_client_CA_file_ex
                                                                                                                                                                                                                                          • API String ID: 1433350638-4230349072
                                                                                                                                                                                                                                          • Opcode ID: a7320d74349ba95cad3125b0ddbbca0f0050ec3768799640f05c67585b29605e
                                                                                                                                                                                                                                          • Instruction ID: a0f6972a3a0d4ef18210fefaffeae940481279faaf03a11ae33d3fc56e8c0252
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7320d74349ba95cad3125b0ddbbca0f0050ec3768799640f05c67585b29605e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22514F51B0FA4361FF55A766A8516BA5250EFA5BC0F580431EE4D0778AEF2CF4068268
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83190D7
                                                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83190E8
                                                                                                                                                                                                                                          • OSSL_PARAM_BLD_push_BN.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A831914B
                                                                                                                                                                                                                                          • OSSL_PARAM_BLD_push_BN.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A8319165
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83191AB
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83191C3
                                                                                                                                                                                                                                          • EVP_PKEY_CTX_free.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A8319207
                                                                                                                                                                                                                                          • EVP_PKEY_CTX_new_from_pkey.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A8319225
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A8319289
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83192A1
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A8319350
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A831935F
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A8319377
                                                                                                                                                                                                                                          • OSSL_PARAM_BLD_free.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A8319395
                                                                                                                                                                                                                                          • OSSL_PARAM_free.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A831939D
                                                                                                                                                                                                                                          • EVP_PKEY_free.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83193AA
                                                                                                                                                                                                                                          • EVP_PKEY_CTX_free.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83193B2
                                                                                                                                                                                                                                          • BN_free.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83193BA
                                                                                                                                                                                                                                          • BN_free.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83193C2
                                                                                                                                                                                                                                          • BN_free.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83193CA
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A83193EA
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,?,00000000,?,?,?,?,00007FF8A8316CAE), ref: 00007FF8A8319402
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$R_set_debug$N_free$D_push_N_bin2bnX_free$D_freeM_freeX_new_from_pkeyY_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$pub$tls_process_ske_dhe
                                                                                                                                                                                                                                          • API String ID: 628451016-2653997673
                                                                                                                                                                                                                                          • Opcode ID: c360dac2dc78afcbd5a2ee858da871c7a532cd6d1c1ee72882e6dfe5b277ce00
                                                                                                                                                                                                                                          • Instruction ID: 968716c934aa39ff794e60c69a0caefd0b0fb7e2778068bda0cfcc299d44b817
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c360dac2dc78afcbd5a2ee858da871c7a532cd6d1c1ee72882e6dfe5b277ce00
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22B1C561A1EE8261FB50E735A4112BE6350FF96BC4F484431EE8E07796EF3CE5528728
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EVP_MD_CTX_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBB84
                                                                                                                                                                                                                                          • EVP_MD_CTX_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBB8C
                                                                                                                                                                                                                                          • memset.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBBED
                                                                                                                                                                                                                                          • EVP_DigestInit_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBC01
                                                                                                                                                                                                                                          • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBC19
                                                                                                                                                                                                                                          • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBC38
                                                                                                                                                                                                                                          • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBC55
                                                                                                                                                                                                                                          • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBC72
                                                                                                                                                                                                                                          • EVP_DigestFinal_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBC8A
                                                                                                                                                                                                                                          • EVP_DigestInit_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBCA2
                                                                                                                                                                                                                                          • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBCC1
                                                                                                                                                                                                                                          • EVP_DigestUpdate.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBCDC
                                                                                                                                                                                                                                          • EVP_DigestFinal_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBCFB
                                                                                                                                                                                                                                          • OPENSSL_cleanse.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBD1E
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBD30
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBD48
                                                                                                                                                                                                                                          • EVP_DigestFinal_ex.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBD5A
                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBD71
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBD78
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBD84
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBD90
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBD9C
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBDB4
                                                                                                                                                                                                                                          • EVP_MD_CTX_free.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBDD1
                                                                                                                                                                                                                                          • EVP_MD_CTX_free.LIBCRYPTO-3(?,00000000,?,?,?,00000000,00000000,00007FF8A82BC4CB), ref: 00007FF8A82BBDD9
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Digest$Update$R_new$Final_ex$Init_exR_set_debugX_freeX_new$L_cleansememcpymemset
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c$A$ssl3_generate_key_block
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_set_debug$R_new$R_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$bytes_to_cipher_list
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugY_get_id
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c$tls12_check_peer_sigalg
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Digest$Update$Final_exInit_ex$L_cleanseR_newR_set_debugX_freeX_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c$ssl3_generate_master_secret
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_errorX509_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_certificate_file
                                                                                                                                                                                                                                          • API String ID: 2680622528-1790157741
                                                                                                                                                                                                                                          • Opcode ID: eee33ad83a78b87596353e581a6bb87e7817cfbe57f9ba82fee0351835cfaf18
                                                                                                                                                                                                                                          • Instruction ID: 3ea961a6d05e9f0c680029320e69c16d45669cacb91a6411a8f5372355bc0096
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eee33ad83a78b87596353e581a6bb87e7817cfbe57f9ba82fee0351835cfaf18
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47416C61E0EE46B1F710EB51E8425BD2650EF947C1F984432EA0E036DAEF7CF4468769
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugX509_$X_free$R_clear_errorX_new_ex
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$ssl_add_cert_chain
                                                                                                                                                                                                                                          • API String ID: 1888251352-3046741138
                                                                                                                                                                                                                                          • Opcode ID: 506d8ca062435948340a61ea50f4a5f1a2b135e27477ca9cfd6104834a4b8ba1
                                                                                                                                                                                                                                          • Instruction ID: 80ede8d267a4398f1efb903960326e622e7eff6ee98adfa995da8a548217b51c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 506d8ca062435948340a61ea50f4a5f1a2b135e27477ca9cfd6104834a4b8ba1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7617E21F0BA9265FB50B7629451ABA5690EFA5FC0F4C4831DE0D47B86EF2DE5028328
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_client_hello
                                                                                                                                                                                                                                          • API String ID: 193678381-3629367348
                                                                                                                                                                                                                                          • Opcode ID: c19b77ee69fccebdcada72dcc2a302fc1777bd908dd456877a71b125138a534d
                                                                                                                                                                                                                                          • Instruction ID: 1ed46b9e9179986f6cb06662a4d3f8f3b41c468a5f794edded1a5df981b11800
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c19b77ee69fccebdcada72dcc2a302fc1777bd908dd456877a71b125138a534d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0EB16F61B0BA8275FF50AA2698453BA2296FF41FC4F1C4031DE4D47A9ADF3CE542836D
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_printfO_puts$O_indentX509$M_write_bio_X509_freeX509_print_exd2i_
                                                                                                                                                                                                                                          • String ID: ------details-----$------------------$<TRAILING GARBAGE AFTER CERTIFICATE>$<UNPARSEABLE CERTIFICATE>$ASN.1Cert, length=%d$certificate_list, length=%d$context
                                                                                                                                                                                                                                          • API String ID: 1298273312-331119655
                                                                                                                                                                                                                                          • Opcode ID: a6e9cd816b3a50e8b379d966f387581ab152df8ab3f3cef6b7569515ae4a651b
                                                                                                                                                                                                                                          • Instruction ID: ef2a096f5f596f4ee106490f93367bc339d59d946d8bc73b8d082985d1e04b70
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6e9cd816b3a50e8b379d966f387581ab152df8ab3f3cef6b7569515ae4a651b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7161D422B0AA9166EB50CB15E8442B9BB91FF447D0F484131EE9D47B9AEF3CE541C728
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$R_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_verify_client_post_handshake
                                                                                                                                                                                                                                          • API String ID: 3782669924-2026983811
                                                                                                                                                                                                                                          • Opcode ID: ed92c1a9e498a70bfb8e412ea057a7d1832812e4205eddcb93f8f39712e8818c
                                                                                                                                                                                                                                          • Instruction ID: 1c963145f6035663171d92d626cd45ab8dd344fe230c2ceedc82dfb794e208d4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed92c1a9e498a70bfb8e412ea057a7d1832812e4205eddcb93f8f39712e8818c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59419C64E0E947B2F314EB20E8562F92611FF653C1FA88431D90D466EADF2CB906C678
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: DSA$RSA$gfffffff
                                                                                                                                                                                                                                          • API String ID: 0-2263753174
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_conf.c$<EMPTY>$SSL_CONF_cmd$cmd=%s$cmd=%s, value=%s$ctrl_switch_option
                                                                                                                                                                                                                                          • API String ID: 1552677711-2097058995
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_use_RSAPrivateKey_file
                                                                                                                                                                                                                                          • API String ID: 1899708915-3218138449
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$E_freeL_sk_set_cmp_func$E_dupL_sk_findL_sk_pushM_read_bio_O_freeR_clear_errorR_newR_set_debugR_set_errorX509X509_freeX509_get_subject_name
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$SSL_add_file_cert_subjects_to_stack
                                                                                                                                                                                                                                          • API String ID: 3264509243-2950585956
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$D_get_sizeR_set_debugY_get_size
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\t1_lib.c$gfffffff$gfffffff$gfffffff$tls_choose_sigalg
                                                                                                                                                                                                                                          • API String ID: 2573607796-412855087
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,?,00000000,?,?,?,00007FF8A8314BBB), ref: 00007FF8A83129DC
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,?,?,?,00007FF8A8314BBB), ref: 00007FF8A83129F4
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,?,00000000,?,?,?,00007FF8A8314BBB), ref: 00007FF8A8312A21
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,?,00000000,?,?,?,00007FF8A8314BBB), ref: 00007FF8A8312A39
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$No ciphers enabled for max supported SSL/TLS version$ssl_cipher_list_to_bytes
                                                                                                                                                                                                                                          • API String ID: 193678381-2593539604
                                                                                                                                                                                                                                          • Opcode ID: d584ddfe7eaa467390292888a7cbf4e4318d3ca9e1b883146ba12cac7ef17471
                                                                                                                                                                                                                                          • Instruction ID: 16656e8d5919557ea92f2def13f80faed9747dd2a7dcf1d964cbba82f8d481b3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d584ddfe7eaa467390292888a7cbf4e4318d3ca9e1b883146ba12cac7ef17471
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD71C522B1BA83A2FB51DB25E8417B92290EF44BD4F588431DE4D47B95DF3CE886C724
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$i2d_$L_sk_numR_set_debugX509_$L_sk_value
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_status_request
                                                                                                                                                                                                                                          • API String ID: 3024451675-148121689
                                                                                                                                                                                                                                          • Opcode ID: d1428318352c6b2745dea5dc192ae58ce7cf3d8c3326f8ea22e30f6ca020501a
                                                                                                                                                                                                                                          • Instruction ID: 46a2adba408edea4274499fd3cc778b44c32140f14450717ce5f6a6d17d92980
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1428318352c6b2745dea5dc192ae58ce7cf3d8c3326f8ea22e30f6ca020501a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68518E21B0FA4371FB50A7A298552F91265EF85BC4F4C4431DD4D87BCAEF2CEA428369
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_CTX_use_RSAPrivateKey_file
                                                                                                                                                                                                                                          • API String ID: 1899708915-485430192
                                                                                                                                                                                                                                          • Opcode ID: ae8530f1739839953f3e5ca873c3b4328a673076554734d1a12c55647d94b769
                                                                                                                                                                                                                                          • Instruction ID: df4fba8b0b5f5cb5b9f176a4455039be0b1791dd2ce88d7a2945e1bd25d7c41b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae8530f1739839953f3e5ca873c3b4328a673076554734d1a12c55647d94b769
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0317B51F0EE02A1F750EB6298122B91241EF947C0F684431ED4E57B9BEF7CF4068B69
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$L_sk_numL_sk_valueO_new
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_lib.c$No ciphers enabled for max supported SSL/TLS version$The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers$tls_setup_handshake
                                                                                                                                                                                                                                          • API String ID: 2488525820-2497654048
                                                                                                                                                                                                                                          • Opcode ID: 1ea2abbcb0a5b0ea4211ad3b53fc8916c12df6fa479c93c6fe42d2783a054ee4
                                                                                                                                                                                                                                          • Instruction ID: a26905626a6c83d95fc58a986b9b204f45690dbb4ad0ebec4008c85e580eb238
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ea2abbcb0a5b0ea4211ad3b53fc8916c12df6fa479c93c6fe42d2783a054ee4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76919F22A0AA82A6F750DB25D4443BD2360FB95BC8F5C4136DE8C47699EF3CF581C768
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DigestSign$Update$D_get_sizeFinalM_construct_endM_construct_size_tR_get_modeX_ctrlX_freeX_get0_cipherX_get0_mdX_get_pkey_ctxX_newX_set_params
                                                                                                                                                                                                                                          • String ID: tls-data-size
                                                                                                                                                                                                                                          • API String ID: 2598929643-2895545602
                                                                                                                                                                                                                                          • Opcode ID: 1a7a7e676e8a85e5fd75f23676235adf632c74f96e1659e0a6875ff832f67887
                                                                                                                                                                                                                                          • Instruction ID: 94482a5168eccff96752adb93785d840036aefecb51c2ceba6bce343df5d6112
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a7a7e676e8a85e5fd75f23676235adf632c74f96e1659e0a6875ff832f67887
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF81E522E0AB92A5EB11DB65C4003BD27A0FB95BC8F088031DE4D5B749EF7CE956C324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_errorX_set0_default$conf_ssl_get_cmdconf_ssl_name_find
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_mcnf.c$b$name=%s$ssl_do_config$system_default
                                                                                                                                                                                                                                          • API String ID: 4067701900-3682008298
                                                                                                                                                                                                                                          • Opcode ID: 9f5b1f8f4d7a56bfb7d4158bdccb5994619789fc322e52036576ab942742e49a
                                                                                                                                                                                                                                          • Instruction ID: d073812770ed0c452a4b8a9351fc224a641822ff888c433142b7485c592bd87b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f5b1f8f4d7a56bfb7d4158bdccb5994619789fc322e52036576ab942742e49a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5551F761A0F643A5EB10EB51A8056F92791FF84BC4F448031EE4D4378AEF7CE546C764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EVP_MD_get_size.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A82F0FE3), ref: 00007FF8A82EEC92
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A82F0FE3), ref: 00007FF8A82EEC9B
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A82F0FE3), ref: 00007FF8A82EECB3
                                                                                                                                                                                                                                          • EVP_CipherInit_ex.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A82F0FE3), ref: 00007FF8A82EEE98
                                                                                                                                                                                                                                          • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-3(?,0000077C,?,?,00007FF8A82F0FE3), ref: 00007FF8A82EEEAD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CipherD_get_sizeInit_exR_newR_set_debugX_ctrl
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\tls13_enc.c$derive_secret_key_and_iv$key
                                                                                                                                                                                                                                          • API String ID: 2359698082-1803617066
                                                                                                                                                                                                                                          • Opcode ID: 696a213141455faa9ff17da660913f79db2f24ba0cf6463d734fc9240239c88f
                                                                                                                                                                                                                                          • Instruction ID: e67ae32a0e99a11c9caea272a2caec558df53a17d8eeac8168a784f796b655f5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 696a213141455faa9ff17da660913f79db2f24ba0cf6463d734fc9240239c88f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC71A73660EB8256F7609B15A8417BA7694FB85BC4F484135ED8C43B99EF3CE1418728
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_puts$O_indentO_printfX509X509_freed2i_
                                                                                                                                                                                                                                          • String ID: ------details-----$------------------$<TRAILING GARBAGE AFTER CERTIFICATE>$<UNPARSEABLE CERTIFICATE>$ASN.1Cert, length=%d
                                                                                                                                                                                                                                          • API String ID: 4063798575-1858050172
                                                                                                                                                                                                                                          • Opcode ID: 527b0f517e9145397ede43d49dcb3b330cdb81a3940d9b5f37a0a9b7634a1f5e
                                                                                                                                                                                                                                          • Instruction ID: c603f8e2bbd4d1ec8cdd8c058e36f9e270e9d2967ff4b35f68d795c8c9241b49
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 527b0f517e9145397ede43d49dcb3b330cdb81a3940d9b5f37a0a9b7634a1f5e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA310D12B0EE81AADB10DB16E8511BD6751EF45BD0F484532DE5D47B9AFF6CE002C728
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_certificate$ssl_set_cert
                                                                                                                                                                                                                                          • API String ID: 1552677711-2944039091
                                                                                                                                                                                                                                          • Opcode ID: aea7a62b505d36449234635bc76e0be92653b206264229f0d9473404dc4bcce2
                                                                                                                                                                                                                                          • Instruction ID: 12dae5c8d821bea20e3250e744129f7363f4d505f52afe708de74ce95950eb72
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aea7a62b505d36449234635bc76e0be92653b206264229f0d9473404dc4bcce2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A631D766F1A942A2F740EB25F8016B96360FF587C4F584531EA4C43B9AEF3CE541CB64
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_indentO_printf$O_puts
                                                                                                                                                                                                                                          • String ID: %02X$%s (len=%d): $Random:$gmt_unix_time=0x%08X$random_bytes
                                                                                                                                                                                                                                          • API String ID: 4010264686-1582741163
                                                                                                                                                                                                                                          • Opcode ID: 4faa941b37fcdc964b9e62d5eea3d4fcdc2d9b7e95b0b398cb7189b61d94447b
                                                                                                                                                                                                                                          • Instruction ID: 1be3d8348cc8eea078422c339c89d04d5d6fb058f41ff942615123eee414b4d2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4faa941b37fcdc964b9e62d5eea3d4fcdc2d9b7e95b0b398cb7189b61d94447b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2921CA22B0EE51A6E700DB2A98001BD6B51EB95BC5F494131ED5D07695EF7CD603C728
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_indentO_printf
                                                                                                                                                                                                                                          • String ID: %s=0x%x (%s)$UNKNOWN$cipher_suite {0x%02X, 0x%02X} %s$compression_method: %s (0x%02X)$server_version$session_id
                                                                                                                                                                                                                                          • API String ID: 1860387303-3448146522
                                                                                                                                                                                                                                          • Opcode ID: e5151b5d1ba311886917093a921ec9204454593276ef4076a0d854b38fbd9c24
                                                                                                                                                                                                                                          • Instruction ID: 4b6952f9e820dcc4c80ff592eaac1d2afc6d11982f0c7f55b650544692cfcce8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5151b5d1ba311886917093a921ec9204454593276ef4076a0d854b38fbd9c24
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12511832A0AA91A2EB60DB15E8042BA6B95FB85BD0F448131DEDD037D9EF3CD545C72C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                                                          • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                                          • API String ID: 1004266020-3528878251
                                                                                                                                                                                                                                          • Opcode ID: af26892aff1d8045e963e496d2751d5e301b46a530bc7b3c9d9d9e4ca357d1c9
                                                                                                                                                                                                                                          • Instruction ID: a43c00ec47b187412746131571ac45bbc361864f78823efdd8a65a1b2e90922f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: af26892aff1d8045e963e496d2751d5e301b46a530bc7b3c9d9d9e4ca357d1c9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A415D61B0AE43A5EA168F11E86027973A1FF49BC9F944036CD4E57764EF3DE404C3A8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_write_internal
                                                                                                                                                                                                                                          • API String ID: 1552677711-2859347552
                                                                                                                                                                                                                                          • Opcode ID: 4debfd64f7e5eb535d8b3e052774701b7195fb8ddc569b04f70dd0001da440ca
                                                                                                                                                                                                                                          • Instruction ID: 1a8249de5edfc19fbf187b661df0933c4d212808320ff4d4db6a0b493a8bfc1b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4debfd64f7e5eb535d8b3e052774701b7195fb8ddc569b04f70dd0001da440ca
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A41D431A0AA86A6F750DB24E8412BD3650FB54BC4F684531ED4D037E9DF3CE446CB68
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                                                          • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                                          • API String ID: 2663085338-4141011787
                                                                                                                                                                                                                                          • Opcode ID: 13d2541d63d5590277e7306063f0ab8f10eec6f80969a73a59eba5495f8f2869
                                                                                                                                                                                                                                          • Instruction ID: adc95b8afeddf668ea1c637bc92f5c918c2a62906d2ed99199403fcabb9941bc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13d2541d63d5590277e7306063f0ab8f10eec6f80969a73a59eba5495f8f2869
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 43313A21E0FF03A5FA175B25E8242F832A1EF49BC4F445030D92E56BA9EF2DE545C328
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error$X509X509_freeX509_new_exd2i_
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_certificate_ASN1
                                                                                                                                                                                                                                          • API String ID: 4137050946-3038676897
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: D_freeD_newD_push_D_push_uintD_to_paramM_freeN_freeN_get_rfc3526_prime_8192X_freeX_new_from_nameY_fromdataY_fromdata_init
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2253699700-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8316C91), ref: 00007FF8A8319C1C
                                                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8316C91), ref: 00007FF8A8319C39
                                                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8316C91), ref: 00007FF8A8319C56
                                                                                                                                                                                                                                          • BN_bin2bn.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8316C91), ref: 00007FF8A8319C6F
                                                                                                                                                                                                                                          • X509_get0_pubkey.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8316C91), ref: 00007FF8A8319CA7
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8316C91), ref: 00007FF8A8319CD0
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8316C91), ref: 00007FF8A8319CE8
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8316C91), ref: 00007FF8A8319D06
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(00000000,00000000,?,?,?,00007FF8A8316C91), ref: 00007FF8A8319D1E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: N_bin2bn$R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_ske_srp
                                                                                                                                                                                                                                          • API String ID: 589648786-2175212704
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                                                          • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                                          • API String ID: 1723213316-3528878251
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_numL_sk_valueR_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_use_srtp
                                                                                                                                                                                                                                          • API String ID: 2660725122-2269544924
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                          • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                                                          • API String ID: 1318908108-4056541097
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X_set0_default$R_newR_set_debugR_set_errorconf_ssl_getconf_ssl_get_cmdconf_ssl_name_find
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_mcnf.c$ssl_do_config$system_default
                                                                                                                                                                                                                                          • API String ID: 383195463-1219018032
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_int_ctrlO_method_typeO_newO_s_socketO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_set_wfd
                                                                                                                                                                                                                                          • API String ID: 475579866-2547745303
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_check_private_key
                                                                                                                                                                                                                                          • API String ID: 1552677711-2796319112
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: T_free$P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_newR_set_debugR_set_errorX509_get_ext_d2id2i_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2948080378-0
                                                                                                                                                                                                                                          • Opcode ID: c267950beb6e5d634e6d0657e30d9b367b83b653480e7b857fffe96261470fc5
                                                                                                                                                                                                                                          • Instruction ID: bf1a2048ee5c1a9c86f72f81eab25145392bc1a967cdf51a63dbb63617dc7608
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c267950beb6e5d634e6d0657e30d9b367b83b653480e7b857fffe96261470fc5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5841D511F0F74252FA14AB6290557BA6690EF81BC0F584034DE4D07B9AFFBDE4428B28
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • OPENSSL_sk_dup.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C90AB
                                                                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C90C4
                                                                                                                                                                                                                                          • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C90D5
                                                                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C90F0
                                                                                                                                                                                                                                          • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C90FC
                                                                                                                                                                                                                                          • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C9119
                                                                                                                                                                                                                                          • OPENSSL_sk_unshift.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C913F
                                                                                                                                                                                                                                          • OPENSSL_sk_dup.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C9151
                                                                                                                                                                                                                                          • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C9161
                                                                                                                                                                                                                                          • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C916D
                                                                                                                                                                                                                                          • OPENSSL_sk_set_cmp_func.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C917F
                                                                                                                                                                                                                                          • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FF8A82C5694), ref: 00007FF8A82C918F
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_freeL_sk_num$L_sk_dupL_sk_value$L_sk_set_cmp_funcL_sk_unshift
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 621534355-0
                                                                                                                                                                                                                                          • Opcode ID: 178bee6722321e65cfedf7eb940de1229f7e8b50f333a6977fd5bd260898bda3
                                                                                                                                                                                                                                          • Instruction ID: 5be13fa5fdd43bc6f185e9e415fd5a9ce1b53f9157a1ddafd69c403fdd0eff5b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 178bee6722321e65cfedf7eb940de1229f7e8b50f333a6977fd5bd260898bda3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D731A361B4AB4265EB14EB27A8551B96791EFD9BC0F0C4034EF4E47386EF3DE4128728
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$DigestO_writeUpdate
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c$ssl3_finish_mac
                                                                                                                                                                                                                                          • API String ID: 756221159-923099695
                                                                                                                                                                                                                                          • Opcode ID: a95665bcd28634358247280886fd913cb70f0aef32b7187c71788c1eaa285f1f
                                                                                                                                                                                                                                          • Instruction ID: fd19f6d629ca6ca92fef52765c63353f8b5d6bca85a3449cbf68f8492b13f11c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a95665bcd28634358247280886fd913cb70f0aef32b7187c71788c1eaa285f1f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD21D321F1E9426AFB90E721F946BF91250EF947C0F880131ED1C8369AEF2CE5518718
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_free$F_parse_listL_sk_new_nullL_sk_numR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_ciph.c$set_ciphersuites
                                                                                                                                                                                                                                          • API String ID: 1606736437-2539045550
                                                                                                                                                                                                                                          • Opcode ID: b7770b560510154618cfcd1cddf6cef53d88e820c3abd95c18e99f9170c952c6
                                                                                                                                                                                                                                          • Instruction ID: 32b24d4b30f817884a7aa91d8e5f9544eecbeb1b3fbe771602403811a6837098
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7770b560510154618cfcd1cddf6cef53d88e820c3abd95c18e99f9170c952c6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA115E21B1AB8261F750EB25F9022B96260EF957C4F984431EB4C43B9AEF3DE552C718
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_f_bufferO_int_ctrlO_newO_push
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_init_wbio_buffer
                                                                                                                                                                                                                                          • API String ID: 1655923927-1860519770
                                                                                                                                                                                                                                          • Opcode ID: 07ef0fb7d60d19cdaccef97091bbc29893d822b5b0c197d7fe457630323bdb58
                                                                                                                                                                                                                                          • Instruction ID: 258a3c4a1230573e2aee40952924d92d93caa7d1d9666b6abce5ac4ffabe96d4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07ef0fb7d60d19cdaccef97091bbc29893d822b5b0c197d7fe457630323bdb58
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE119422F1AA4262F750EB61F9427B92290EF643C0F881531EA4D47B86FF3CE5918754
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_valueY_is_a
                                                                                                                                                                                                                                          • String ID: RSA
                                                                                                                                                                                                                                          • API String ID: 205993254-3431517
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_pop_freeL_sk_valueR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$ssl_cert_set0_chain
                                                                                                                                                                                                                                          • API String ID: 4258318168-2020944375
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_read_internal
                                                                                                                                                                                                                                          • API String ID: 1552677711-1892056158
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_initial_server_flight$tls_process_server_done
                                                                                                                                                                                                                                          • API String ID: 193678381-2920457334
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_enable_ct$SSL_set_ct_validation_callback
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                                                          • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlO_freeO_newO_s_fileR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_txt.c$SSL_SESSION_print_fp
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_cust.c$custom_ext_add
                                                                                                                                                                                                                                          • API String ID: 193678381-2497583336
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c$tls_construct_extensions
                                                                                                                                                                                                                                          • API String ID: 193678381-3223585116
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Digest$Final_exInit_ex$UpdateX_freeX_new
                                                                                                                                                                                                                                          • String ID: exporter
                                                                                                                                                                                                                                          • API String ID: 3991325671-111224270
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,00007FF8A832299D,?,?,?,?,00000000,?,?,?,00007FF8A8326186), ref: 00007FF8A8322FFE
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,00007FF8A832299D,?,?,?,?,00000000,?,?,?,00007FF8A8326186), ref: 00007FF8A8323016
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,00007FF8A832299D,?,?,?,?,00000000,?,?,?,00007FF8A8326186), ref: 00007FF8A8323086
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,00007FF8A832299D,?,?,?,?,00000000,?,?,?,00007FF8A8326186), ref: 00007FF8A832309E
                                                                                                                                                                                                                                          • ERR_new.LIBCRYPTO-3(?,00007FF8A832299D,?,?,?,?,00000000,?,?,?,00007FF8A8326186), ref: 00007FF8A83230CD
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,00007FF8A832299D,?,?,?,?,00000000,?,?,?,00007FF8A8326186), ref: 00007FF8A83230E5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$create_ticket_prequel
                                                                                                                                                                                                                                          • API String ID: 193678381-2110699330
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_psk
                                                                                                                                                                                                                                          • API String ID: 193678381-1931443905
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_indentO_printf
                                                                                                                                                                                                                                          • String ID: ,$NamedGroup: %s (%d)$UNKNOWN$key_exchange:
                                                                                                                                                                                                                                          • API String ID: 1860387303-2250237447
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$R_set_debug$M_grow_clean
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_preprocess_fragment
                                                                                                                                                                                                                                          • API String ID: 3867660093-2459173683
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\d1_msg.c$dtls1_write_app_data_bytes
                                                                                                                                                                                                                                          • API String ID: 1552677711-1870589286
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_new_nullL_sk_pushR_newR_set_debugR_set_errorX509_up_ref
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_cert.c$ssl_cert_add0_chain_cert
                                                                                                                                                                                                                                          • API String ID: 3689422639-110169278
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$R_set_error$Y_freeY_get_security_bits
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                                          • API String ID: 3247900180-780421027
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_set_flags$O_set_retry_reason$O_clear_flagsO_get_retry_reason
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3610643084-0
                                                                                                                                                                                                                                          • Opcode ID: ec346a3ecd8ef0eff09505d24858cdc67e1ff2564afee1b3c38daf08c4ed52da
                                                                                                                                                                                                                                          • Instruction ID: cc5438b3177b408991ee103fb187365f9d457cd1deea7ca224719fc0e432b500
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec346a3ecd8ef0eff09505d24858cdc67e1ff2564afee1b3c38daf08c4ed52da
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D112A21F0F60366FA14FA66661627D4241EF95BD0F184532D80A4BB9FEF2CF543462D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$R_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\record\ssl3_record.c$early_data_count_ok
                                                                                                                                                                                                                                          • API String ID: 476316267-4150192623
                                                                                                                                                                                                                                          • Opcode ID: 57024454248ba0eee51447f81ee26c85974a6700e108d1ac7d5cc71fd0c652fd
                                                                                                                                                                                                                                          • Instruction ID: 59fa792a18881a7ed5d935ac2ce3df6859f39f433c61b35ba6aa1258179c0f2e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57024454248ba0eee51447f81ee26c85974a6700e108d1ac7d5cc71fd0c652fd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B31F432B0A946A7FB94DB24E4457FD2290EB94BC4F194031EA0E47699DF3CED85C728
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$memcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$dtls_process_hello_verify
                                                                                                                                                                                                                                          • API String ID: 31086664-1847652839
                                                                                                                                                                                                                                          • Opcode ID: 2c88d434c8cf1806e8fd1677df89b65b16c9a3f0bfbfd464e2d8ae8238af89f1
                                                                                                                                                                                                                                          • Instruction ID: 88fd6a463cdcf41fa2b771bbb4397da48d0aa922815c2f698645a362304974eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c88d434c8cf1806e8fd1677df89b65b16c9a3f0bfbfd464e2d8ae8238af89f1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E12191A2B1EE8161E7209B64E8012BD6360FF597D0F888231DA9C437D6EF3CE191C714
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_post_process_message$tls_post_process_client_key_exchange
                                                                                                                                                                                                                                          • API String ID: 193678381-715354105
                                                                                                                                                                                                                                          • Opcode ID: c015cf87a1d6c59d76f62471f3f2b99463cc2c3256abcc23cd98aa0413742e66
                                                                                                                                                                                                                                          • Instruction ID: 6f70e00aca47efc5d9e55e68f18a20461d42dbfdf6492058a84b04476253274f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c015cf87a1d6c59d76f62471f3f2b99463cc2c3256abcc23cd98aa0413742e66
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA219362F1B946A6F3549764D84A7F81280EFA4784F9C4931D50D862E6EF3CE5C6C338
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug$memcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$dtls_process_hello_verify
                                                                                                                                                                                                                                          • API String ID: 31086664-1847652839
                                                                                                                                                                                                                                          • Opcode ID: 1fe6c31ecea433c8facf989d7f46b2bc88c07b2a138a6b116675d1ff8645ff0d
                                                                                                                                                                                                                                          • Instruction ID: fad62c0761b01df79d7fc3ccd3270b43f2f4c5bb6b2470de0e6e0169d706e6ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fe6c31ecea433c8facf989d7f46b2bc88c07b2a138a6b116675d1ff8645ff0d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA21E772F19F8551EB009B15E8412B9A351EFA4BD0F489232EA9D077EAEF3CE4D18714
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugX_freeX_new_from_nameY_free
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$ssl_generate_param_group
                                                                                                                                                                                                                                          • API String ID: 2173273376-2643799583
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_errorY_freeY_up_ref
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa.c$ssl_set_pkey
                                                                                                                                                                                                                                          • API String ID: 4194652714-507513155
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_next$O_free_allO_int_ctrlO_newO_s_socketO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_set_fd
                                                                                                                                                                                                                                          • API String ID: 2935861444-3152457077
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: A_freePrivateR_newR_set_debugR_set_errord2i_
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_use_RSAPrivateKey_ASN1
                                                                                                                                                                                                                                          • API String ID: 3102899966-1618854237
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$R_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_server_hello
                                                                                                                                                                                                                                          • API String ID: 476316267-2775970066
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3295909481.00007FF8A8190000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3295949341.00007FF8A8195000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3295949341.00007FF8A81F2000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3295949341.00007FF8A823E000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3295949341.00007FF8A8242000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3295949341.00007FF8A8247000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3295949341.00007FF8A829F000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296139104.00007FF8A82A2000.00000004.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296159053.00007FF8A82A4000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                          • String ID: a unicode character$argument$category
                                                                                                                                                                                                                                          • API String ID: 1318908108-2068800536
                                                                                                                                                                                                                                          • Opcode ID: 85221ed5b794fefa614671eb505fc7944d537497b256900e3b823b4235f4782d
                                                                                                                                                                                                                                          • Instruction ID: 8f8495d245e2191b9340c468ac25d6866315b18ffbcefc20882fab80efa4c067
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85221ed5b794fefa614671eb505fc7944d537497b256900e3b823b4235f4782d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D51D862F1AE4662EB5A8B15D4502B833A1FB44BC4F491035DACF47794DF3CE891D328
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                          • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                                          • API String ID: 1318908108-2110215792
                                                                                                                                                                                                                                          • Opcode ID: 5ca945e71462204c3220177ec9e6a27065e7f9c311bd085c84fc819a6770995f
                                                                                                                                                                                                                                          • Instruction ID: f4a914ffeee81d1e0e76f489a37fe46d03a0bf3b1a505ee8a4007e9c0e9015a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ca945e71462204c3220177ec9e6a27065e7f9c311bd085c84fc819a6770995f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB41C762B1AE82A1FB5A8B25D8503B93361FB047D0F481135DA9F47794DF2DE8D1C324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_ec_pt_formats
                                                                                                                                                                                                                                          • API String ID: 193678381-302162076
                                                                                                                                                                                                                                          • Opcode ID: a012173c701b202fdd5d8373fddc64a3d9e99b1ed4de02e621ddb34dfb993357
                                                                                                                                                                                                                                          • Instruction ID: 4418c4e0a3cb4d7475af5a1bbaa835cafb5772847fcbcfdc8780f15be5edb59d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a012173c701b202fdd5d8373fddc64a3d9e99b1ed4de02e621ddb34dfb993357
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5731C661B0EA4361E720A752E5052BA6360EF84BC4F4C4531EE8C47B8ADF6CE541C764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_server_certificate
                                                                                                                                                                                                                                          • API String ID: 193678381-3740638300
                                                                                                                                                                                                                                          • Opcode ID: dcf04588db980789402b1b523b5720a011f11a991b9ce08f85b28c9689fa6634
                                                                                                                                                                                                                                          • Instruction ID: 72eeea42c3d82984e0616a04832dea0d497ac1c0b20f03e447bc31b1762979e8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dcf04588db980789402b1b523b5720a011f11a991b9ce08f85b28c9689fa6634
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC21D731B1AA8165E744D726E8556AD2750EF94BC0F8C4431EE8D43B9AEF3CE942C714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Digest$Update$Final_exInitX_freeX_new
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3927069315-0
                                                                                                                                                                                                                                          • Opcode ID: 3583035346c7cd232aab5c19eb5d55da73f0edce0933137d407b6799218f8909
                                                                                                                                                                                                                                          • Instruction ID: 4ee0b3ab66cab000f1ecfe34fde82efc9cc665cfaab3055f1d3842e88ad6f1cc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3583035346c7cd232aab5c19eb5d55da73f0edce0933137d407b6799218f8909
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F219221B0BF4255EA54E756A9522BE5261EF85BC0F4C0035EE4E477DBEF2CE4428718
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\statem_lib.c$ssl3_output_cert_chain
• API String ID: 193678381-603691555
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
Similarity
• API ID: R_newR_set_debugR_set_error
• String ID: ..\s\ssl\ssl_lib.c$ssl_peek_internal
• API String ID: 1552677711-1363730714
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
Similarity
• API ID: O_clear_flagsO_set_flagsR_newR_set_debug
• String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_read_transition
• API String ID: 4119164335-396436010
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_supported_versions
• API String ID: 193678381-4079417333
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\extensions.c$final_renegotiate
• API String ID: 193678381-1135624566
APIs
• _PyArg_CheckPositional.PYTHON312 ref: 00007FF8A8193607
• _PyArg_BadArgument.PYTHON312 ref: 00007FF8A819363A
  • Part of subcall function 00007FF8A81911B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FF8A81911E2
  • Part of subcall function 00007FF8A81911B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FF8A81911FA
  • Part of subcall function 00007FF8A81911B0: PyType_IsSubtype.PYTHON312 ref: 00007FF8A819121D
Strings
Memory Dump Source
• Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                                                          • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                                          • API String ID: 4101545800-1320425463
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                          • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                                          • API String ID: 3876575403-184702317
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error$L_sk_freeL_sk_new_nullstrchrstrncmp
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\d1_srtp.c$ssl_ctx_make_profiles
                                                                                                                                                                                                                                          • API String ID: 4085728402-118859582
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_set1_id_context
                                                                                                                                                                                                                                          • API String ID: 1331007688-3187944184
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: L_sk_num$L_sk_freeL_sk_new_nullL_sk_pushL_sk_value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1173513325-0
                                                                                                                                                                                                                                          • Opcode ID: a5f7cdcd82ba6e838c9c8337772e4fd56824ecea02e6d825201669a50e835998
                                                                                                                                                                                                                                          • Instruction ID: 14f15150abe19edb4824b42e359ea23c7e52e46099c80f63dfcf1f6f3c9fb111
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a5f7cdcd82ba6e838c9c8337772e4fd56824ecea02e6d825201669a50e835998
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9219511F0BB5255FA649B6255002BA6590DF94FC0F8C4034EE8D87B9EEF7CE4024B68
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_indentO_printf
                                                                                                                                                                                                                                          • String ID: %s (%d)
                                                                                                                                                                                                                                          • API String ID: 1860387303-2206749211
                                                                                                                                                                                                                                          • Opcode ID: bf024ff034e7135050dd90a3ac2463255f5723a484b29ff78beb1f8e2e573cb4
                                                                                                                                                                                                                                          • Instruction ID: 86a7c4c0673d4151e7e52af2bf416150f7a6c5c57442e691baecc134cd1f129e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf024ff034e7135050dd90a3ac2463255f5723a484b29ff78beb1f8e2e573cb4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A631D322B1E792A7EB608A55D8406792F91EB81BC0F484032DE5D07789EF7DE542C72C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_ctrlR_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_write_early_data
                                                                                                                                                                                                                                          • API String ID: 3777157029-3084438645
                                                                                                                                                                                                                                          • Opcode ID: b64caff3e830c64fb9b79d6ba9e379cac4744efc1bdb6f067198b4ae53f652c4
                                                                                                                                                                                                                                          • Instruction ID: 28a67e8c32040a5733f58bfdf0e41503b57aca4bcc50c668c3188713db9008af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b64caff3e830c64fb9b79d6ba9e379cac4744efc1bdb6f067198b4ae53f652c4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A318062A0AA82A7F768DB21D6513BD6B90FB407D0F144036DB5D4368ADF7CF4618B18
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_conf.c$ctrl_switch_option
                                                                                                                                                                                                                                          • API String ID: 1552677711-2996977199
                                                                                                                                                                                                                                          • Opcode ID: 66fffca0f7c304dc868740220faf50a72209fad0b6b3fe076def9759ae60745a
                                                                                                                                                                                                                                          • Instruction ID: 5b8fde9c3e6f8befed621610dee0c04e9da88cd43d6cefcebffe82f001f21626
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66fffca0f7c304dc868740220faf50a72209fad0b6b3fe076def9759ae60745a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F21D0F2F1750192FB959F25D8427BC2250FB547C4FD48035C60E82795EF2CE4968354
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_new$R_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_sig_algs
                                                                                                                                                                                                                                          • API String ID: 476316267-3674336150
                                                                                                                                                                                                                                          • Opcode ID: 03afc3c3ea7927d82ff449e33dd31ed2cc5a86f4dfd0b147dec670060bcc038e
                                                                                                                                                                                                                                          • Instruction ID: 372c4a407badd6f7fe6713dbd6306430d99ae07d90fe1311cf9ca1a680c0253c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03afc3c3ea7927d82ff449e33dd31ed2cc5a86f4dfd0b147dec670060bcc038e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F21F262E1EA5296F760476494017BA67A0FB583C4F185330E5CC46A95EF3CE191C71C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                                                          • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                                          • API String ID: 1522575347-3913127203
                                                                                                                                                                                                                                          • Opcode ID: 43813d0d932ae7c374914bf6384df1a3629f4c3e0bd964f6072aa249f9af1373
                                                                                                                                                                                                                                          • Instruction ID: badbf76e796e143795e4adcdd669b0d2ee860cd89e67184c8f008eafc6b22efa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43813d0d932ae7c374914bf6384df1a3629f4c3e0bd964f6072aa249f9af1373
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A21C365F0AE86B1EB5A8B12E9501B937A2FF45BC8F448031D64D43B54DF2CE894C3A8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_msg.c$ssl3_do_change_cipher_spec
                                                                                                                                                                                                                                          • API String ID: 1552677711-2597545827
                                                                                                                                                                                                                                          • Opcode ID: 396dfe84239bcc4f7de47202a2e46f42dd99596e70bd6f52f4e63e825aefa645
                                                                                                                                                                                                                                          • Instruction ID: d8d9fcf6f3ec4e34f2c18f684ac14b7af7f3bfd12c1d6eeb9291965a6c7d1695
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 396dfe84239bcc4f7de47202a2e46f42dd99596e70bd6f52f4e63e825aefa645
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8221A262B1AA4592FB44DF29E8843F92390FB98BC4F584031DA4E87795DF3CD882C754
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                                          • String ID: not a numeric character
                                                                                                                                                                                                                                          • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                                          • Opcode ID: c4f3043636e101a3a83274b1f0d06bc8cf9bfb138ae39ee1603926f77e7512ac
                                                                                                                                                                                                                                          • Instruction ID: 0a339229c326610744b81a1e527894e7cca72b804f8ea4d7cb65d63dd59150c3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4f3043636e101a3a83274b1f0d06bc8cf9bfb138ae39ee1603926f77e7512ac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2219D21F0ED42E9EB528B25E41017977A0FF54BC8F088131C90E57664EF2CF881C7A8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                                          • String ID: not a decimal
                                                                                                                                                                                                                                          • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                                          • Opcode ID: 0cf26f43277d2d65cd436f04c55e3f115854bb953c5d4c83dfc8717dffaf923a
                                                                                                                                                                                                                                          • Instruction ID: 9fc246c546b578da63eaebb71b72fa72a360faf28a7092aba48172ff32344b66
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cf26f43277d2d65cd436f04c55e3f115854bb953c5d4c83dfc8717dffaf923a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC114221F1AE52A2EB568B36E45417D36A1FF94BC8F448035D94E47654DF2CE980C3A8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                          • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                                          • API String ID: 3876575403-4190364640
                                                                                                                                                                                                                                          • Opcode ID: 3b9125b5b1efe8070f8bfaa69a26c5d9a925344cea38a0d903252173c94026c9
                                                                                                                                                                                                                                          • Instruction ID: aa31029d1718d4f29d75cbfd6717354515f34bd078ee58c0e421a2f7ae59f12a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b9125b5b1efe8070f8bfaa69a26c5d9a925344cea38a0d903252173c94026c9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85118F32F09E82A5EB519F52E8401A97360FB48BD8F584032DA5E43759DF3CE555C35C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                          • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                                          • API String ID: 3876575403-2474051849
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                          • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                                          • API String ID: 3876575403-2385192657
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                                          • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                                          • API String ID: 3979797681-4001128513
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                                          • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                                          • API String ID: 3979797681-4202047184
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$RSA$ssl_log_rsa_client_key_exchange
                                                                                                                                                                                                                                          • API String ID: 193678381-1475867426
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                                          • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                                          • API String ID: 3673501854-3989975041
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_read
                                                                                                                                                                                                                                          • API String ID: 1552677711-152370140
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$SSL_peek
                                                                                                                                                                                                                                          • API String ID: 1552677711-1473178562
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                                                          • API String ID: 1552677711-3079590724
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                                          • API String ID: 1552677711-780421027
                                                                                                                                                                                                                                          • Opcode ID: 66d4e7c6d30f0315dfed6ebc710f999e3b2f80767fb95eceb4b7b5190110eab5
                                                                                                                                                                                                                                          • Instruction ID: 43ae31d1474a209a1916065fce7b9ba617f8dcae280b82df13edf9900833d9ff
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66d4e7c6d30f0315dfed6ebc710f999e3b2f80767fb95eceb4b7b5190110eab5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88F0A762E2F941E5FB90D724E4465F91210EF553D4F980532DE4D076CAEF2CE545C728
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                                                          • API String ID: 1552677711-3079590724
                                                                                                                                                                                                                                          • Opcode ID: 331e23a8593135e9122189d94e75dd2e319d85b15da77aefea71476a8b35d0aa
                                                                                                                                                                                                                                          • Instruction ID: 6a0fdac2fee166ff8d9911b1dde15524bedb1cd86be2fd5d18e50c22171bd1b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 331e23a8593135e9122189d94e75dd2e319d85b15da77aefea71476a8b35d0aa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DE04F16A1E841A5F390E764F4024E92210EF553E0F980432DA0D026D6EF3DF486D768
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_void_function
                                                                                                                                                                                                                                          • API String ID: 1552677711-3489766127
                                                                                                                                                                                                                                          • Opcode ID: 986660b630863c4cf31fc8bcc33019cc8d5994375ee52f4f2871e256921f540d
                                                                                                                                                                                                                                          • Instruction ID: 0afdff96c5aed0659dca065b2ec7564c3563137b410e7af9f13662feabd3d100
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 986660b630863c4cf31fc8bcc33019cc8d5994375ee52f4f2871e256921f540d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EBE04618F2A84376F340E320A806AB91200EF60380FE44431E40D42A92EF2CB50A8668
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                          • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                          • Opcode ID: f10b79996c2a92eca45b8211c9476f5ccabb41adeda706c1bd57ea5441c51930
                                                                                                                                                                                                                                          • Instruction ID: 9168cd722e7fd33ad9eeb30e388ddd166150862c02d9508fa551710dfa0ab23c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f10b79996c2a92eca45b8211c9476f5ccabb41adeda706c1bd57ea5441c51930
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CE0EC19F2A94276F340F770A8575F91210EF61391FD48431E40D42A92EF2CA54A8764
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                          • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                          • Opcode ID: ad13ed55bfa56bdfb604f0a7537003d1c24469e83d093fb3ba2bee9aa2a07846
                                                                                                                                                                                                                                          • Instruction ID: 9168cd722e7fd33ad9eeb30e388ddd166150862c02d9508fa551710dfa0ab23c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad13ed55bfa56bdfb604f0a7537003d1c24469e83d093fb3ba2bee9aa2a07846
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CE0EC19F2A94276F340F770A8575F91210EF61391FD48431E40D42A92EF2CA54A8764
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                          • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                          • Opcode ID: a890c7a6ce92884863d797033b923ca2f477f9b754829e71e2c510313747f760
                                                                                                                                                                                                                                          • Instruction ID: 9168cd722e7fd33ad9eeb30e388ddd166150862c02d9508fa551710dfa0ab23c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a890c7a6ce92884863d797033b923ca2f477f9b754829e71e2c510313747f760
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CE0EC19F2A94276F340F770A8575F91210EF61391FD48431E40D42A92EF2CA54A8764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                          • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                          • Opcode ID: 56e15a37842fe0dd599d6c964779cc2f16a4635d9b4f78df93a97c8c002367dd
                                                                                                                                                                                                                                          • Instruction ID: 9168cd722e7fd33ad9eeb30e388ddd166150862c02d9508fa551710dfa0ab23c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56e15a37842fe0dd599d6c964779cc2f16a4635d9b4f78df93a97c8c002367dd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CE0EC19F2A94276F340F770A8575F91210EF61391FD48431E40D42A92EF2CA54A8764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                          • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                          • Opcode ID: 65a5335adb7ccc48d9f4ade7c086427e4461d71b89b18bf355e8d4f3e0295113
                                                                                                                                                                                                                                          • Instruction ID: 9168cd722e7fd33ad9eeb30e388ddd166150862c02d9508fa551710dfa0ab23c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65a5335adb7ccc48d9f4ade7c086427e4461d71b89b18bf355e8d4f3e0295113
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CE0EC19F2A94276F340F770A8575F91210EF61391FD48431E40D42A92EF2CA54A8764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                          • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                          • Opcode ID: e5d4594d72a90c4b0a88b7a81742d8e3e940df2a3f5ae6a7e67ec0bc632beab9
                                                                                                                                                                                                                                          • Instruction ID: 9168cd722e7fd33ad9eeb30e388ddd166150862c02d9508fa551710dfa0ab23c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5d4594d72a90c4b0a88b7a81742d8e3e940df2a3f5ae6a7e67ec0bc632beab9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CE0EC19F2A94276F340F770A8575F91210EF61391FD48431E40D42A92EF2CA54A8764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_function
                                                                                                                                                                                                                                          • API String ID: 1552677711-2204979087
                                                                                                                                                                                                                                          • Opcode ID: b2d1405cb58b5c5623c5942482346337c1b790aa5a6a1e377cca11eeeae03d46
                                                                                                                                                                                                                                          • Instruction ID: 9168cd722e7fd33ad9eeb30e388ddd166150862c02d9508fa551710dfa0ab23c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b2d1405cb58b5c5623c5942482346337c1b790aa5a6a1e377cca11eeeae03d46
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CE0EC19F2A94276F340F770A8575F91210EF61391FD48431E40D42A92EF2CA54A8764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                                          • API String ID: 1552677711-780421027
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: X509_$E_dupE_freeL_sk_new_nullL_sk_pushX509_get_subject_name
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2231116090-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_enc.c$ssl3_change_cipher_state
                                                                                                                                                                                                                                          • API String ID: 193678381-4073342769
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client13_write_transition
                                                                                                                                                                                                                                          • API String ID: 193678381-2379272181
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_sig_algs
                                                                                                                                                                                                                                          • API String ID: 193678381-4035473336
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_use_srtp
                                                                                                                                                                                                                                          • API String ID: 0-3251434361
                                                                                                                                                                                                                                          • Opcode ID: 45b170a69d85541e434e019c63cc44df867896feb47ff342777d27cb72417df9
                                                                                                                                                                                                                                          • Instruction ID: 2c775882688d6818421c54f532d648c07c45c93a0a589844fa6c35e878ef5928
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45b170a69d85541e434e019c63cc44df867896feb47ff342777d27cb72417df9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7521C211B1B58265FB54A762F9457BA1291FF847C5F4C4430DD8C8BBCAEF2CE8418768
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_alpn
                                                                                                                                                                                                                                          • API String ID: 0-862372828
                                                                                                                                                                                                                                          • Opcode ID: 66aff086781df4091f650657416069d6a0c3ab364a3c503c6c5a81e401205384
                                                                                                                                                                                                                                          • Instruction ID: a58025b266fa9eb2f98b166f003f5f820a5594468cba315090ff71f33d56229b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66aff086781df4091f650657416069d6a0c3ab364a3c503c6c5a81e401205384
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59218411B0A64366FB54AB62E9457BA1250EF44BC4F4C4431DE8D4BBC6EF6CE4A18368
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_psk_kex_modes
                                                                                                                                                                                                                                          • API String ID: 193678381-1556962829
                                                                                                                                                                                                                                          • Opcode ID: cdd95a2c04ed8f8ce0607f79ecbdc1296ad63eea15873b9a66f48712a1d54aff
                                                                                                                                                                                                                                          • Instruction ID: 4b70f2d39e2287cbff66c5a1141366140f5f5adb30e9f9d53235568e06afcb63
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cdd95a2c04ed8f8ce0607f79ecbdc1296ad63eea15873b9a66f48712a1d54aff
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D021C962E0EA82A6FB509BE094015F97360FF557C8F185531DA8C46285EF2CFA918728
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_next_proto_neg
                                                                                                                                                                                                                                          • API String ID: 193678381-2301358877
                                                                                                                                                                                                                                          • Opcode ID: 86373516f0e2d0f54e3e4f290b2bbd539807c85866fdb5af1cf34785d53321ec
                                                                                                                                                                                                                                          • Instruction ID: 9ceb6ad3cc4de5430e4fb43e222d44b94df8452ca5db72f33864950924a05ca9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 86373516f0e2d0f54e3e4f290b2bbd539807c85866fdb5af1cf34785d53321ec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB21C622B0EA4296E750CB56E4457BA6360EF857C8F4C4431DE4C47B9ADF3DE941C714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c$final_early_data
                                                                                                                                                                                                                                          • API String ID: 193678381-1817123252
                                                                                                                                                                                                                                          • Opcode ID: 3a9a25aac602284c858c6e799458309d4d0e5e79e1dde57f44a79b01c9e08b2f
                                                                                                                                                                                                                                          • Instruction ID: 7d368a112816794e9c8a4c761909338a680f279323fbd29fefaa5e7aef7a281d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a9a25aac602284c858c6e799458309d4d0e5e79e1dde57f44a79b01c9e08b2f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C121A165E071429AFB65A629C44A7F82190FF047D8F584435E90C0A2D9DFBDACE2CA28
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_server_name
                                                                                                                                                                                                                                          • API String ID: 193678381-1140354471
                                                                                                                                                                                                                                          • Opcode ID: 750eeb9985e7062bd7bd9dcf4792437d502d0fd801e853246b1c25637d4aad2e
                                                                                                                                                                                                                                          • Instruction ID: c5ec935a3d3152ad386fa2a79f709863db4bc4a784670e32bb0d1e5efd3c9c46
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 750eeb9985e7062bd7bd9dcf4792437d502d0fd801e853246b1c25637d4aad2e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8611E421B0A986A2FB64D75AE4957F92260EF847C8F4C4430DE0D876D6DF2CEC81C718
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_indentO_printf
                                                                                                                                                                                                                                          • String ID: %s=0x%x (%s)$UNKNOWN
                                                                                                                                                                                                                                          • API String ID: 1860387303-4219816433
                                                                                                                                                                                                                                          • Opcode ID: 99a4b063b3fab589dd76ce346bf8918259384f159b371a5cd85ffd6c809e88cb
                                                                                                                                                                                                                                          • Instruction ID: 3089bc2fe26e1b45d605636e954010ea1d3207383747b13ee45b45078a7af59d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99a4b063b3fab589dd76ce346bf8918259384f159b371a5cd85ffd6c809e88cb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A219376A09B8596E7109F16E4501297BA0F785BD0F484139EF9E437A9EF3CD501C728
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$tls_handle_status_request
                                                                                                                                                                                                                                          • API String ID: 193678381-662828239
                                                                                                                                                                                                                                          • Opcode ID: cb11e02509da6950250a63b60ff7b367a1c661b4e920f280ab37e77340e9698b
                                                                                                                                                                                                                                          • Instruction ID: 72a02353d26f86cd09bfb678891bd4f4d0c6bd9eebfcd1e7e1ddab64a90a654a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb11e02509da6950250a63b60ff7b367a1c661b4e920f280ab37e77340e9698b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5421A222B07A8295FB549B29D8483F82290FF55BD4F5C4035C90C4B3D5EF7D9591C728
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c$final_maxfragmentlen
                                                                                                                                                                                                                                          • API String ID: 193678381-2725335993
                                                                                                                                                                                                                                          • Opcode ID: dd484653c74b5faab9857a3d3a7d1e1fa770693da6d98d7b77a5c63af576b7be
                                                                                                                                                                                                                                          • Instruction ID: 44e25f6e3dde179401295773b539cffd6816cae4d5e37b8ec3f3cb9526ab9086
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd484653c74b5faab9857a3d3a7d1e1fa770693da6d98d7b77a5c63af576b7be
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB11E736B0B68353FB55E729D4457F82288DF407C1F4C0431D51C4AAEAEFADA9D2C628
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                                          • API String ID: 193678381-780421027
                                                                                                                                                                                                                                          • Opcode ID: 01939b7f6dd2724200c4bd3345bedeafed5326d98be5687d6f77fc2bc1afb48d
                                                                                                                                                                                                                                          • Instruction ID: 30c4bf0a0949ca5273d51e5f7a1cc4fa5cb614e8f08e881b322928f2a927150e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01939b7f6dd2724200c4bd3345bedeafed5326d98be5687d6f77fc2bc1afb48d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE21FA13E29BC593E7428B29D6452F82720FBA9788F49A321DF8C16257EB64F6D4C314
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_etm
                                                                                                                                                                                                                                          • API String ID: 0-2790762957
                                                                                                                                                                                                                                          • Opcode ID: f52ae289809a81fe1c5b3759957fde536323826cefa5e9094a9b288eaf044ade
                                                                                                                                                                                                                                          • Instruction ID: 03f5d942908bc679929f8f269b0be355880818879ca23ee73f74f6476a909b4e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f52ae289809a81fe1c5b3759957fde536323826cefa5e9094a9b288eaf044ade
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42010821F1A542A2FB54D7A6E9456FD6250EF887C0F4C4430E95C47A96EF2CE9808724
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_hello_req
                                                                                                                                                                                                                                          • API String ID: 193678381-485657334
                                                                                                                                                                                                                                          • Opcode ID: aa557f4b55b1868ea70b623a21180013864f7dd496e50e81fe453f9501158e5b
                                                                                                                                                                                                                                          • Instruction ID: 4029ee99bc079171c15587cdad041914177bf8c4c05998376bd43a8d8e6cf234
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa557f4b55b1868ea70b623a21180013864f7dd496e50e81fe453f9501158e5b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F011ADB2E17582A6FB40E7A6D4067F81250EF90B84F880430D64C476C6EF2CA9D2C738
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                                                          • API String ID: 193678381-552286378
                                                                                                                                                                                                                                          • Opcode ID: fc5e370ba9f039f6882a36198ef4881b302ec3d7f713d5eb6dbcf920268df4be
                                                                                                                                                                                                                                          • Instruction ID: 268ae53fcdaec38ec5a0d9f0bd352393ae4e4e1005f9d65bff2cd3bcf113f8ae
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc5e370ba9f039f6882a36198ef4881b302ec3d7f713d5eb6dbcf920268df4be
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A11A036A0AA82A6E765EBB5B4247FD2324EF807C4F0C0136CA0D02695DF3DE946C724
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FF8A8191EDC), ref: 00007FF8A8193B35
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A8191FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A8192008
                                                                                                                                                                                                                                            • Part of subcall function 00007FF8A8191FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF8A8192026
                                                                                                                                                                                                                                          • PyErr_Format.PYTHON312 ref: 00007FF8A8191F53
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
• Associated: 00000002.00000002.3295909481.00007FF8A8190000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A8195000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A81F2000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A823E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A8242000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A8247000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A829F000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3296139104.00007FF8A82A2000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3296159053.00007FF8A82A4000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                                          • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                                          • API String ID: 3882229318-4056717002
                                                                                                                                                                                                                                          • Opcode ID: 715c9f25760f3b51f9c773b91e4e06c178d711229799cf52a99adf42e7180ef0
                                                                                                                                                                                                                                          • Instruction ID: 82c1fa5057a70320d3ef64ef0542a5539559685f099139bf49961aa6703405d9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 715c9f25760f3b51f9c773b91e4e06c178d711229799cf52a99adf42e7180ef0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F112176A1AD4BE1EB018B24E8842B47360FB98BCCF800431CA4D462A4DF7DD18AC724
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c$final_sig_algs
                                                                                                                                                                                                                                          • API String ID: 193678381-3611835258
                                                                                                                                                                                                                                          • Opcode ID: 99d69e5dc2549d8c46bf470cb3db15e3bad882841d918bc8739831bfb958df0c
                                                                                                                                                                                                                                          • Instruction ID: 992a4f4009e6b6d4acc6949508c331e1fe5fff51ea1f9725f029a826410dc623
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99d69e5dc2549d8c46bf470cb3db15e3bad882841d918bc8739831bfb958df0c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0B01F2A2E0B543A2F751E76DD804BB82340FF40780F880432C90C876EDDF6CA892C628
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_dtls.c$dtls_construct_change_cipher_spec
                                                                                                                                                                                                                                          • API String ID: 193678381-1275380453
                                                                                                                                                                                                                                          • Opcode ID: de480bc5cc061fd9856c80761e82027197f765c8599161cb22b9137af11547ac
                                                                                                                                                                                                                                          • Instruction ID: af2c6b42b19139cc042ff868221419c173bcb92ee677adc2b2362df48fa221ff
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de480bc5cc061fd9856c80761e82027197f765c8599161cb22b9137af11547ac
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D401A461F0B682A2FB509766D8497F82254EFA4BC5F584431DE4C477D2EF2CE5C2C268
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_printf
                                                                                                                                                                                                                                          • String ID: %02X$%s (len=%d):
                                                                                                                                                                                                                                          • API String ID: 601296420-4138326432
                                                                                                                                                                                                                                          • Opcode ID: b1cb416e2851fcbc60b331d1da5903dd760c6e579c2d8ee3c5d157f5ed3d965a
                                                                                                                                                                                                                                          • Instruction ID: 614afd930a30de9a0ef9e46f371b2ee0a426cf57b1b3d184e34c4f4a2c3b37a8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1cb416e2851fcbc60b331d1da5903dd760c6e579c2d8ee3c5d157f5ed3d965a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA01A222B1FF52A5E600AB16A5405B8AB21FB54FC0F0C5031FE4D07B5ADF6CD902CB28
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_process_message
                                                                                                                                                                                                                                          • API String ID: 193678381-2227591447
                                                                                                                                                                                                                                          • Opcode ID: ef9702b7e38cf4233502a5ed84842f8ea6fc219b64a343c695ae01e4f52a91d7
                                                                                                                                                                                                                                          • Instruction ID: 07538c387751fb08aa207c638e4d273a629c346f53c1207696890406059b7193
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef9702b7e38cf4233502a5ed84842f8ea6fc219b64a343c695ae01e4f52a91d7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C901F731F1AA8196E700D755E8416F87750EF54BC4F584531EA8C83BAAEF2CE5028754
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions.c$final_psk
                                                                                                                                                                                                                                          • API String ID: 193678381-3009694321
                                                                                                                                                                                                                                          • Opcode ID: b6d6c82328e62f36f674ba8889d3bf4cc3605b8cb21c2f2388fd37a5f1a68fe5
                                                                                                                                                                                                                                          • Instruction ID: 4cc7fbe5947dc9bae6a510b227ff082c604f9157da5dc81232943168fb51615e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6d6c82328e62f36f674ba8889d3bf4cc3605b8cb21c2f2388fd37a5f1a68fe5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9F0F425F0714266F7A1A754E8057B92240DF507D0F8C4430C40C0B795EF6CA892C734
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_printf$O_indent
                                                                                                                                                                                                                                          • String ID: %s (%d)$unexpected value
                                                                                                                                                                                                                                          • API String ID: 1715996925-1289549259
                                                                                                                                                                                                                                          • Opcode ID: a504f1d434ba6c65c5e8a6b1ab9fcb885afd620bd6019b5a06ca0e9c45058178
                                                                                                                                                                                                                                          • Instruction ID: 8cc4e7f21304b04f8dcafd33e57857e186d47964ca8ee4168a0814374d1e226a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a504f1d434ba6c65c5e8a6b1ab9fcb885afd620bd6019b5a06ca0e9c45058178
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93F04971A0EA42B2E7209B19E8015FC2E51FB41FC1F484531E94D176AAEF3CAA42D22C
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_construct_message
                                                                                                                                                                                                                                          • API String ID: 193678381-3648037868
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_post_handshake_auth
                                                                                                                                                                                                                                          • API String ID: 193678381-3813554763
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client13_write_transition
                                                                                                                                                                                                                                          • API String ID: 193678381-2379272181
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_newR_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_hello_req
                                                                                                                                                                                                                                          • API String ID: 193678381-485657334
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: strncmp
                                                                                                                                                                                                                                          • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                                                          • API String ID: 1114863663-87138338
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Calc_D_priv_bytes_exL_cleanseN_bin2bn
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2662037904-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_find_typeO_get_data
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 280995463-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3291797971.00007FF8A79B1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FF8A79B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a79b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                                          • String ID: %s (0x%04x)
                                                                                                                                                                                                                                          • API String ID: 2723189173-3351362759
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                                          • String ID: %s (%d)
                                                                                                                                                                                                                                          • API String ID: 2723189173-2206749211
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                                          • String ID: %s (%d)
                                                                                                                                                                                                                                          • API String ID: 2723189173-2206749211
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_dump_indentO_indentO_printf
                                                                                                                                                                                                                                          • String ID: %s (%d)
                                                                                                                                                                                                                                          • API String ID: 2723189173-2206749211
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3946675294-3916222277
                                                                                                                                                                                                                                          • Opcode ID: f459d6eae67273c59825f5057afe2b67be746f4c1442368492863615d66421ec
                                                                                                                                                                                                                                          • Instruction ID: bdc2b1708ee85aeb38812c3100256025a8c1a7c9ec3915f32b383540926c1332
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f459d6eae67273c59825f5057afe2b67be746f4c1442368492863615d66421ec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D01D162F0AB4276FB659B29909537C2681EF94B84F5C8035C60C0B3C6EB7DD8C28728
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_indentO_printf
                                                                                                                                                                                                                                          • String ID: max_early_data=%u
                                                                                                                                                                                                                                          • API String ID: 1860387303-3700735580
                                                                                                                                                                                                                                          • Opcode ID: 8f5f58e2c175a65bb584ebcd1229865d30e95bb4e2dd1a2ed57493071db23ced
                                                                                                                                                                                                                                          • Instruction ID: 6c1feae9d62de1a5230db6879bc1941056ea5326594821cce21ced2975c155cf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f5f58e2c175a65bb584ebcd1229865d30e95bb4e2dd1a2ed57493071db23ced
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF01F416F0E6A14AE761862DE48027D6FD0D781FD4F0C4132DE9D43696EEAED143CB28
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                                                                          • String ID: 3DES(168)$SHA256
                                                                                                                                                                                                                                          • API String ID: 3142812517-1425382332
                                                                                                                                                                                                                                          • Opcode ID: 80c56bf669460c7ae283a5bb910a914187ca2ce988227b59e2b837bca9973e7f
                                                                                                                                                                                                                                          • Instruction ID: 209de3f8dbbae1a3da608fe90b7b4663373f07f48c3b42124c53b5c80c8cbbc4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80c56bf669460c7ae283a5bb910a914187ca2ce988227b59e2b837bca9973e7f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A30171B3C09A91A1E2B4AB54B4440BB6660FB417D0F150577DF8D13A6CCF3CE945D758
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                                                                          • String ID: DES(56)$SHA256
                                                                                                                                                                                                                                          • API String ID: 3142812517-3688456565
                                                                                                                                                                                                                                          • Opcode ID: 330be10122b969ef588f184c2212ba202d4cac339f436a845f9b0d9464ea6a49
                                                                                                                                                                                                                                          • Instruction ID: 3e135d40bacde0542a28e9a8e212d7ec0eefda3640435bec6ea2956192e5c084
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 330be10122b969ef588f184c2212ba202d4cac339f436a845f9b0d9464ea6a49
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C60171B3C09A91A1E2B4AB54B4440BB66A0FB417D0F150577DF8D13A6CCF3CED45D658
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                                                                          • String ID: IDEA(128)$SHA256
                                                                                                                                                                                                                                          • API String ID: 3142812517-2727354722
                                                                                                                                                                                                                                          • Opcode ID: cb3cda230d24ffcfe9c2380903472647c70346dfab95449c4f7702e348b7fc2e
                                                                                                                                                                                                                                          • Instruction ID: d3487edcc10d818f745b4b56e603c4dd660451b5e631fba161b86efdfba7ae62
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb3cda230d24ffcfe9c2380903472647c70346dfab95449c4f7702e348b7fc2e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA01B1B2C0AA91A1E2B0AB14B4440BB6660FB417D0F050577DF8C13A6CCF3CE841D218
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                                                                          • String ID: RC2(128)$SHA256
                                                                                                                                                                                                                                          • API String ID: 3142812517-4086923701
                                                                                                                                                                                                                                          • Opcode ID: 24c1b70f5e47c98100c3f4ec21ce0afffd4d93cfd70c1fbf526dfc16ad58634e
                                                                                                                                                                                                                                          • Instruction ID: 243f68d627a583c49df521b3fbb9e002ffc76318520f1d1f52d5b52b0ee89847
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24c1b70f5e47c98100c3f4ec21ce0afffd4d93cfd70c1fbf526dfc16ad58634e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 190171B2C09A91A1E2B4AB54B4440BB6660FB417D0F150577DF8D23A6CCF3CE945D658
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_snprintf
                                                                                                                                                                                                                                          • String ID: RC4(128)$SHA256
                                                                                                                                                                                                                                          • API String ID: 3142812517-1400659560
                                                                                                                                                                                                                                          • Opcode ID: c19d1aa8b3c81704404ec0b3086f8eac485458e17100b68f60ba5578d7cc6a83
                                                                                                                                                                                                                                          • Instruction ID: 71a6604b6cb5a90b8e2746899293513f2449209e642b24f4c583f39fdcd24d10
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c19d1aa8b3c81704404ec0b3086f8eac485458e17100b68f60ba5578d7cc6a83
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C0171B2C09A91A1E2B4AB54B4440BB6660FB417D0F150577DF8D13A6CCF3CE945D658
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                                                          • API String ID: 3946675294-3772416878
                                                                                                                                                                                                                                          • Opcode ID: 91740c4c5d857341c8a9d8c5446a9ba29abebef32c8accec2a972b9b32a33bdf
                                                                                                                                                                                                                                          • Instruction ID: 9bcdb62311c0c13c6b590c3382fbb4e7b440a20f7d83330d7cfeb4b0ff8b21a5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91740c4c5d857341c8a9d8c5446a9ba29abebef32c8accec2a972b9b32a33bdf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D01A471F06602ABFB60DB25909537C2691EF95B98F584034CA0D0B2C6FB7C98D6C728
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$System$File
                                                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                                                          • API String ID: 2838179519-1553575800
                                                                                                                                                                                                                                          • Opcode ID: 87700e89d8ba6b4a25f8f512b81ccb7933ee874b46122ca3b6fab96fdd1adfda
                                                                                                                                                                                                                                          • Instruction ID: aa65e77a7ff428a964d64a92917ec1e1d67953f6ce5a2ffcc044259b3588d804
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87700e89d8ba6b4a25f8f512b81ccb7933ee874b46122ca3b6fab96fdd1adfda
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B101DBE2B1994546DB50DB29F801169A791E7CC7C4F449032E68DC7759EF2CD2418750
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                                          • String ID: no such name
                                                                                                                                                                                                                                          • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                                          • Opcode ID: 486a057b87cc78e3bf1f4718cf85fd2ddf776dd4b60ee12a49ea37b0645cc7c2
                                                                                                                                                                                                                                          • Instruction ID: 046342df19c3c1282d1f8c44be9f5fade7bba85f496b00b54e7b55d03d14d59b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 486a057b87cc78e3bf1f4718cf85fd2ddf776dd4b60ee12a49ea37b0645cc7c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA012131B1AE42A6FA629B11E8513B53390FF587C8F440031DA4E96764EF2CE004C764
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                          • String ID: )
                                                                                                                                                                                                                                          • API String ID: 3946675294-2427484129
                                                                                                                                                                                                                                          • Opcode ID: 438bc311c8937f7332016279d50082aef9247e6290f68b5c09461b6884c0945f
                                                                                                                                                                                                                                          • Instruction ID: 280526954d06e90e798631ef9c2fc0c680d27bed40703cc645142b0616621322
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 438bc311c8937f7332016279d50082aef9247e6290f68b5c09461b6884c0945f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CF06222B0964156EF90DF15E0453BC2391EB88FC4F185134CB4D4B786DF3CD4958718
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3946675294-3916222277
                                                                                                                                                                                                                                          • Opcode ID: e81f9b95161f74e1a5374a5b757155fc6a0c68021303e68a1b6428fcbb16c491
                                                                                                                                                                                                                                          • Instruction ID: 82b7a9fa39d18b08d973f8a9abf414f60379bcf16e207610b00201fde31ac989
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e81f9b95161f74e1a5374a5b757155fc6a0c68021303e68a1b6428fcbb16c491
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDF0A061F0660266FB60AB21909637C1281EB94B88F584434C90D0B7C6EF7DD4C68328
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,?,?,-00000031,00007FF8A830E9C6), ref: 00007FF8A830F029
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                                                          • API String ID: 488089507-552286378
                                                                                                                                                                                                                                          • Opcode ID: 33c8e9640b7afbd745314a3a113e670b8fafdbb325bbfd3871fc7e2b0969a08a
                                                                                                                                                                                                                                          • Instruction ID: 9b5dfc42a7083401733bb8fb8c8e65926cea774736d6cb10798b7e6ee29eb14d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33c8e9640b7afbd745314a3a113e670b8fafdbb325bbfd3871fc7e2b0969a08a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26F05E23619A82AAD742DB61B8155E93720EB85BD4F594073CE4843592DB3DD587D310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ERR_set_debug.LIBCRYPTO-3(?,?,?,-00000031,00007FF8A830E9C6), ref: 00007FF8A830F029
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3296196485.00007FF8A82B1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FF8A82B0000, based on PE: true
• Associated: 00000002.00000002.3296177955.00007FF8A82B0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296196485.00007FF8A8332000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296266491.00007FF8A8334000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296299241.00007FF8A835C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8361000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A8367000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3296319259.00007FF8A836F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a82b0000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: R_set_debug
                                                                                                                                                                                                                                          • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                                                          • API String ID: 488089507-552286378
                                                                                                                                                                                                                                          • Opcode ID: 7035d6edbfbdf556db589d706b220857123b72aab4cc5fa16c9d77726bce25a7
                                                                                                                                                                                                                                          • Instruction ID: 3b159e7ec1dec03f8231bc7c6ede2325f52a10fc8fa0700b8832afe2c3084702
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7035d6edbfbdf556db589d706b220857123b72aab4cc5fa16c9d77726bce25a7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFF08223A09681AAE342DB61F4057D93320F794B94F584073CF4803655DB39D586C314
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FF8A8192533), ref: 00007FF8A81925C6
                                                                                                                                                                                                                                          • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FF8A8192533), ref: 00007FF8A81925F8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.3295928313.00007FF8A8191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FF8A8190000, based on PE: true
• Associated: 00000002.00000002.3295909481.00007FF8A8190000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A8195000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A81F2000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A823E000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A8242000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A8247000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3295949341.00007FF8A829F000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3296139104.00007FF8A82A2000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000002.00000002.3296159053.00007FF8A82A4000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ff8a8190000_I6H1RkEHlX.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object_$Track
                                                                                                                                                                                                                                          • String ID: 3.2.0
                                                                                                                                                                                                                                          • API String ID: 16854473-1786766648
                                                                                                                                                                                                                                          • Opcode ID: f91d149df4c654f8be0df0ef2da4b36c9d06b56ee9d54162962ccaca08fa2000
                                                                                                                                                                                                                                          • Instruction ID: ce44a7b1750ed8606bf1955aff2cdbd7585052d32a4578ed2fac2314493aa207
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f91d149df4c654f8be0df0ef2da4b36c9d06b56ee9d54162962ccaca08fa2000
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AE0ED24A57F02B1EA168B21E8440A433B4FF08789F540135CD5D02310FF3CE1A4C268