Windows Analysis Report
L5OMdZqWzq.exe

Overview

General Information

Sample name: L5OMdZqWzq.exe
(renamed because original name is a hash value)
Original sample name: 2f1f7def1fb58a59bcda870b387a7825e2d468250fae590df12ce18264542d83.exe
Analysis ID: 1571336
MD5: c1f933e0605004deceb65e009aa586fb
SHA1: 0a2d9b863dd499f88e7d92ec4ea2f3b5e81836d5
SHA256: 2f1f7def1fb58a59bcda870b387a7825e2d468250fae590df12ce18264542d83
Tags: busquedasxurl-comexeuser-JAMESWT_MHT

Detection

Python Stealer
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contains functionality to infect the boot sector
Machine Learning detection for sample
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • L5OMdZqWzq.exe (PID: 3280 cmdline: "C:\Users\user\Desktop\L5OMdZqWzq.exe" MD5: C1F933E0605004DECEB65E009AA586FB)
    • L5OMdZqWzq.exe (PID: 5940 cmdline: "C:\Users\user\Desktop\L5OMdZqWzq.exe" MD5: C1F933E0605004DECEB65E009AA586FB)
  • cleanup
No configs have been found
Source: Process Memory Space: L5OMdZqWzq.exe PID: 5940
Rule: JoeSecurity_GenericPythonStealer
Description: Yara detected Generic Python Stealer
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: L5OMdZqWzq.exe, Avira: detected
    Source: L5OMdZqWzq.exe, ReversingLabs: Detection: 21%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.4% probability
    Source: L5OMdZqWzq.exe, Joe Sandbox ML: detected
    Source: L5OMdZqWzq.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468722288.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468940721.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466790933.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: ucrtbase.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2726693547.00007FFBAB7C5000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467254479.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466589845.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468162440.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468581807.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1469016844.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: L5OMdZqWzq.exe, 00000002.00000002.2723712181.00007FFBAA879000.00000002.00000001.01000000.00000013.sdmp, libcrypto-3.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: L5OMdZqWzq.exe, 00000000.00000003.1464593807.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728093045.00007FFBBB473000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: L5OMdZqWzq.exe, 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466990141.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468297811.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1464740185.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727265148.00007FFBB5CB5000.00000002.00000001.01000000.0000001F.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468014158.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468513518.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2727972949.00007FFBBB451000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2725894214.00007FFBAB267000.00000002.00000001.01000000.00000017.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466655304.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467463665.0000023530538000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466451344.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466721337.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2726090532.00007FFBAB5F8000.00000002.00000001.01000000.00000014.sdmp, _asyncio.pyd.0.dr
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468433643.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2725993184.00007FFBAB2A2000.00000002.00000001.01000000.00000016.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727713011.00007FFBBB40C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727852542.00007FFBBB42D000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467601553.0000023530538000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: ucrtbase.pdbUGP source: L5OMdZqWzq.exe, 00000002.00000002.2726693547.00007FFBAB7C5000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2726896483.00007FFBB4C49000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: L5OMdZqWzq.exe, 00000000.00000003.1464740185.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727265148.00007FFBB5CB5000.00000002.00000001.01000000.0000001F.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1469170748.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2724579921.00007FFBAADD4000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466924213.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2722698085.00007FFBAA4BF000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: L5OMdZqWzq.exe, 00000002.00000002.2723712181.00007FFBAA911000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: L5OMdZqWzq.exe, 00000002.00000002.2726253645.00007FFBAB694000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468096566.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467393870.0000023530538000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727488947.00007FFBB69A6000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466521757.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468363269.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1464593807.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728093045.00007FFBBB473000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467185484.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468794092.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2723712181.00007FFBAA911000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467533939.0000023530538000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467326392.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728182595.00007FFBBBE93000.00000002.00000001.01000000.0000000E.sdmp, select.pyd.0.dr
    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1469257517.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467666133.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468232250.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467735666.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466857977.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727713011.00007FFBBB40C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468870332.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467118463.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: L5OMdZqWzq.exe, 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727607365.00007FFBB7EE3000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728275261.00007FFBBC704000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467053646.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728275261.00007FFBBC704000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2725691024.00007FFBAB21F000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716755081.00000249EB1A0000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2726253645.00007FFBAB694000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468649696.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1469091691.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2726498082.00007FFBAB6ED000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 0_2_00007FF6975688D0 FindFirstFileExW,FindClose,0_2_00007FF6975688D0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 0_2_00007FF697577E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF697577E4C
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 0_2_00007FF697581EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF697581EE4
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 2_2_00007FFBAA0C2E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc,2_2_00007FFBAA0C2E70
    Source: Joe Sandbox View IP Address: 34.224.200.202 34.224.200.202
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic DNS traffic detected: DNS query: httpbin.org
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718379785.00000249EC1B0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://aka.ms/vcpython27
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1503687819.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE4A000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBCA6000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC6D2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
    Source: L5OMdZqWzq.exe, 00000000.00000003.1488050035.0000023530539000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssured
    Source: L5OMdZqWzq.exe, 00000000.00000003.1488050035.0000023530539000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssured.com0A
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530545000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530545000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1499894440.00000249EBB3F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1499555992.00000249EBBD7000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB38000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBDB0000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1503783489.00000249EBDA1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577916/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB6B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBCA6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530545000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.cr
    Source: _asyncio.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBCA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
    Source: L5OMdZqWzq.exe, 00000002.00000003.1503687819.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC6D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC767000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719555383.00000249ED190000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED090000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC6D2000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED12C000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1503783489.00000249EBDA1000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC767000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718490430.00000249EC390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718490430.00000249EC390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718570316.00000249EC490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBCA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/unittest.html
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED0C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBAB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBD4B000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1503917154.00000249EBD3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB7B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719555383.00000249ED258000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530545000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530545000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718570316.00000249EC490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBD4B000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBCA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/K
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBCA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/RNAM
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBCA6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/t
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE4A000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED0C0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719555383.00000249ED190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718490430.00000249EC390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/kD
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
    Source: L5OMdZqWzq.exe, 00000000.00000003.1486256711.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1484826579.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466256313.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466105065.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465390922.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465239080.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1482026141.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1476346818.0000023530539000.00000004.00000020.00020000.00000000.sdmp, 
L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBAB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBC74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps/=
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718725988.00000249EC690000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBAB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/botz
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718145442.00000249EBEB0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717445541.00000249EB9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBAB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED0C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://busquedasxurl.com/login/conexion/recibidor.php
    Source: L5OMdZqWzq.exe, L5OMdZqWzq.exe, 00000002.00000002.2721884428.00007FFBAA1BD000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
    Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBDB0000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1503783489.00000249EBDA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719286189.00000249ECE90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716450907.00000249E985A000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB270000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1491326463.00000249EB29E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719711909.00000249ED390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
    Source: L5OMdZqWzq.exe, L5OMdZqWzq.exe, 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp, win32api.pyd.0.dr, pywintypes312.dll.0.drString found in binary or memory: https://github.com/mhammond/pywin32
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
    Source: METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
    Source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719286189.00000249ECE90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718145442.00000249EBEB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716998631.00000249EB5B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716596139.00000249EB10C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
    Source: L5OMdZqWzq.exe, 00000002.00000003.1491326463.00000249EB29E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716450907.00000249E985A000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB270000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1491326463.00000249EB29E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
    Source: L5OMdZqWzq.exe, 00000002.00000003.1496656881.00000249EB83D000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB7B8000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1499367249.00000249EB7B8000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1497410275.00000249EB86D000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1497080914.00000249EB857000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718145442.00000249EBEB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues/396
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716450907.00000249E985A000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB270000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1491326463.00000249EB29E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1503880698.00000249EBE98000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719286189.00000249ECE90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB6B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB6B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
    Source: L5OMdZqWzq.exe, 00000002.00000003.1503783489.00000249EBDA1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
    Source: L5OMdZqWzq.exe, 00000002.00000003.1503917154.00000249EBD79000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBD68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
    Source: L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED090000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC767000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719711909.00000249ED42C000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBAB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717445541.00000249EB9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB7B8000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB38000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB6B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
    Source: L5OMdZqWzq.exe, 00000002.00000003.1499719727.00000249EBC60000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718298213.00000249EC0B0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1499555992.00000249EBC57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718379785.00000249EC1B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
    Source: L5OMdZqWzq.exe, 00000002.00000003.1499719727.00000249EBC60000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1499555992.00000249EBC57000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBC57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/declaring-project-metadata/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718298213.00000249EC0B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718145442.00000249EBEB0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717445541.00000249EB9B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717356895.00000249EB8B0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2724579921.00007FFBAADD4000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718379785.00000249EC1B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718298213.00000249EC0B0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1499753239.00000249EB6F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719286189.00000249ECE90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED0C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED0C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.ioxep
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718298213.00000249EC0B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC78F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719711909.00000249ED390000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC6D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
    Source: L5OMdZqWzq.exe, 00000002.00000003.1503687819.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
    Source: L5OMdZqWzq.exe, 00000002.00000003.1503917154.00000249EBD79000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBD68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718145442.00000249EBEB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
    Source: L5OMdZqWzq.exe, 00000002.00000003.1503917154.00000249EBD79000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBD68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470541664.0000023530539000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
    Source: L5OMdZqWzq.exe, 00000000.00000003.1470626477.0000023530546000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1470541664.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1470541664.0000023530546000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC767000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC767000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
    Source: L5OMdZqWzq.exe, 00000000.00000003.1482373178.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2726365860.00007FFBAB6CF000.00000002.00000001.01000000.00000012.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2724314909.00007FFBAA9BA000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.openssl.org/H
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
    Source: L5OMdZqWzq.exe, 00000002.00000003.1492137664.00000249EB32D000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1492137664.00000249EB33A000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716596139.00000249EB090000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1492212510.00000249EB340000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
    Source: L5OMdZqWzq.exe, 00000002.00000002.2725164585.00007FFBAAF4C000.00000008.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2724579921.00007FFBAADD4000.00000002.00000001.01000000.00000005.sdmpString found in binary or memory: https://www.python.org/psf/license/)
    Source: L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
    Source: L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
    Source: L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB6B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA215B00 _Py_NoneStruct,_PyArg_ParseTupleAndKeywords_SizeT,PyExc_TypeError,PyErr_SetString,??0PyWinBufferView@@QEAA@PEAU_object@@_N1@Z,CryptImportKey,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,??1PyWinBufferView@@QEAA@XZ,2_2_00007FFBAA215B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C1E90 PyList_New,GetActiveProcessorCount,PyErr_SetFromWindowsErr,_Py_Dealloc,free,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,PyExc_RuntimeError,PyErr_SetString,malloc,PyErr_NoMemory,NtQuerySystemInformation,Py_BuildValue,PyList_Append,_Py_Dealloc,free,_Py_Dealloc,2_2_00007FFBAA0C1E90
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C6AA0 OpenProcess,GetLastError,NtQueryInformationProcess,RtlNtStatusToDosErrorNoTeb,PyErr_SetFromWindowsErrWithFilename,CloseHandle,ReadProcessMemory,GetLastError,CloseHandle,ReadProcessMemory,NtQueryInformationProcess,CloseHandle,ReadProcessMemory,ReadProcessMemory,VirtualQueryEx,GetLastError,PyErr_SetFromWindowsErrWithFilename,CloseHandle,calloc,PyErr_NoMemory,CloseHandle,ReadProcessMemory,GetLastError,CloseHandle,free,CloseHandle,2_2_00007FFBAA0C6AA0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C73F0 malloc,NtQuerySystemInformation,free,malloc,PyErr_NoMemory,free,free,2_2_00007FFBAA0C73F0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C5810 PyArg_ParseTuple,OpenProcess,GetLastError,NtSetInformationProcess,CloseHandle,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFBAA0C5810
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C4D00 PyArg_ParseTuple,OpenProcess,GetLastError,PyObject_IsTrue,NtSuspendProcess,NtResumeProcess,CloseHandle,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFBAA0C4D00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C6600 PyList_New,EnterCriticalSection,GetProcessHeap,HeapAlloc,PyErr_NoMemory,_Py_Dealloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,PyExc_RuntimeError,PyErr_SetString,GetCurrentProcess,DuplicateHandle,PyUnicode_FromWideChar,PyList_Append,_Py_Dealloc,GetProcessHeap,HeapFree,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,_Py_Dealloc,GetProcessHeap,HeapFree,LeaveCriticalSection,2_2_00007FFBAA0C6600
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C5720 PyArg_ParseTuple,OpenProcess,GetLastError,NtQueryInformationProcess,CloseHandle,Py_BuildValue,2_2_00007FFBAA0C5720
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C6250 GetProcessHeap,HeapAlloc,GetFileType,SetLastError,NtQueryObject,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,PyErr_NoMemory,GetProcessHeap,HeapFree,2_2_00007FFBAA0C6250
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C6E40 PyExc_RuntimeError,PyErr_SetString,OpenProcess,GetLastError,NtQueryInformationProcess,CloseHandle,CloseHandle,calloc,PyErr_NoMemory,CloseHandle,NtQueryInformationProcess,calloc,PyErr_NoMemory,free,CloseHandle,wcscpy_s,free,CloseHandle,2_2_00007FFBAA0C6E40
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C4A70 PyArg_ParseTuple,OpenProcess,GetLastError,GetProcessHeap,HeapAlloc,NtQueryVirtualMemory,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQueryVirtualMemory,PyExc_RuntimeError,PyErr_SetString,CloseHandle,PyErr_Clear,GetProcessHeap,HeapFree,CloseHandle,GetProcessHeap,HeapFree,CloseHandle,Py_BuildValue,PyErr_NoMemory,CloseHandle,2_2_00007FFBAA0C4A70
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C2480 GetActiveProcessorCount,PyErr_SetFromWindowsErr,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,PyExc_RuntimeError,PyErr_SetString,malloc,PyErr_NoMemory,NtQuerySystemInformation,free,malloc,PyErr_NoMemory,NtQuerySystemInformation,malloc,PyErr_NoMemory,NtQuerySystemInformation,free,free,free,free,free,Py_BuildValue,2_2_00007FFBAA0C2480
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C4680 PyArg_ParseTuple,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,NtQuerySystemInformation,GetProcessHeap,HeapFree,Py_BuildValue,PyUnicode_FromWideChar,GetProcessHeap,HeapFree,PyErr_NoMemory,2_2_00007FFBAA0C4680
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C2B00: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle,2_2_00007FFBAA0C2B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1622D02_2_00007FFBAA1622D0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1721602_2_00007FFBAA172160
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1820702_2_00007FFBAA182070
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1AB4502_2_00007FFBAA1AB450
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2194302_2_00007FFBAA219430
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2151802_2_00007FFBAA215180
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2191D02_2_00007FFBAA2191D0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2CBAD02_2_00007FFBAA2CBAD0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA259AB02_2_00007FFBAA259AB0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2C8B102_2_00007FFBAA2C8B10
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2D5B002_2_00007FFBAA2D5B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA286B402_2_00007FFBAA286B40
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2CFB302_2_00007FFBAA2CFB30
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA27BB912_2_00007FFBAA27BB91
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA243BC02_2_00007FFBAA243BC0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2C2BB02_2_00007FFBAA2C2BB0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA283BA02_2_00007FFBAA283BA0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA249C802_2_00007FFBAA249C80
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA24FC702_2_00007FFBAA24FC70
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2B58A02_2_00007FFBAA2B58A0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2EE8E02_2_00007FFBAA2EE8E0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA24A9402_2_00007FFBAA24A940
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2F79202_2_00007FFBAA2F7920
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2639802_2_00007FFBAA263980
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2759602_2_00007FFBAA275960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2B099B2_2_00007FFBAA2B099B
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2F59E02_2_00007FFBAA2F59E0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2A5A402_2_00007FFBAA2A5A40
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2D5EF02_2_00007FFBAA2D5EF0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA257F602_2_00007FFBAA257F60
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA29EFB02_2_00007FFBAA29EFB0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA25BFA02_2_00007FFBAA25BFA0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2890102_2_00007FFBAA289010
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA26CFE02_2_00007FFBAA26CFE0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2470302_2_00007FFBAA247030
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2590602_2_00007FFBAA259060
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2510602_2_00007FFBAA251060
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2BB0602_2_00007FFBAA2BB060
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA268CB02_2_00007FFBAA268CB0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA299D802_2_00007FFBAA299D80
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA24BDA02_2_00007FFBAA24BDA0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA25CDE02_2_00007FFBAA25CDE0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2AAE702_2_00007FFBAA2AAE70
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2672D02_2_00007FFBAA2672D0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2C83102_2_00007FFBAA2C8310
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2662F02_2_00007FFBAA2662F0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2E43302_2_00007FFBAA2E4330
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2A33B02_2_00007FFBAA2A33B0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2F44102_2_00007FFBAA2F4410
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2534902_2_00007FFBAA253490
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA29A4902_2_00007FFBAA29A490
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2440B02_2_00007FFBAA2440B0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2F20B02_2_00007FFBAA2F20B0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2AA1102_2_00007FFBAA2AA110
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA3010E02_2_00007FFBAA3010E0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2A11D02_2_00007FFBAA2A11D0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2F51C02_2_00007FFBAA2F51C0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA28F2302_2_00007FFBAA28F230
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2432952_2_00007FFBAA243295
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2DA2802_2_00007FFBAA2DA280
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2E76C02_2_00007FFBAA2E76C0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2C67002_2_00007FFBAA2C6700
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA2566F02_2_00007FFBAA2566F0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: String function: 00007FFBAA2494B0 appears 108 times
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: String function: 00007FFBAA0C1070 appears 43 times
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: String function: 00007FF697562B30 appears 47 times
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: String function: 00007FFBAA24A550 appears 126 times
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: String function: 00007FFBAA1EC090 appears 47 times
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: String function: 00007FFBAA0C1D70 appears 39 times
    Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
    Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: python3.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
    Source: classification engine Classification label: mal72.troj.evad.winEXE@3/122@1/1
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 0_2_00007FF697568560 GetLastError,FormatMessageW,WideCharToMultiByte, 0_2_00007FF697568560
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 2_2_00007FFBAA21A8E1 _Py_NoneStruct,PyArg_ParseTupleAndKeywords,PyExc_TypeError,PyErr_SetString,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,CertOpenSystemStoreW,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NewReference,PyLong_FromVoidPtr,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z, 2_2_00007FFBAA21A8E1
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 2_2_00007FFBAA0C7DB0 GetCurrentProcess,OpenProcessToken,GetLastError,ImpersonateSelf,OpenProcessToken,GetLastError,PyErr_SetFromWindowsErrWithFilename,LookupPrivilegeValueA,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,GetLastError,PyErr_SetFromWindowsErrWithFilename,AdjustTokenPrivileges,RevertToSelf,CloseHandle, 2_2_00007FFBAA0C7DB0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 2_2_00007FFBAA0C2A30 PyArg_ParseTuple,PyUnicode_AsWideCharString,PyEval_SaveThread,GetDiskFreeSpaceExW,PyEval_RestoreThread,PyMem_Free,PyExc_OSError,PyErr_SetExcFromWindowsErrWithFilenameObject,Py_BuildValue, 2_2_00007FFBAA0C2A30
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 2_2_00007FFBAA0C4DF0 PyList_New,PyArg_ParseTuple,CreateToolhelp32Snapshot,_Py_Dealloc,CloseHandle,CloseHandle,Thread32First,OpenThread,GetThreadTimes,Py_BuildValue,PyList_Append,_Py_Dealloc,CloseHandle,Thread32Next,CloseHandle,_Py_Dealloc, 2_2_00007FFBAA0C4DF0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 2_2_00007FFBAA0C8AA0 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct, 2_2_00007FFBAA0C8AA0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe File created: C:\Users\user\AppData\Local\Temp\_MEI32802
    Source: L5OMdZqWzq.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: L5OMdZqWzq.exe, 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
    Source: L5OMdZqWzq.exe, 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
    Source: L5OMdZqWzq.exe, 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
    Source: L5OMdZqWzq.exe, 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
    Source: L5OMdZqWzq.exe, L5OMdZqWzq.exe, 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
    Source: L5OMdZqWzq.exe, 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
    Source: L5OMdZqWzq.exe, 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
    Source: L5OMdZqWzq.exeReversingLabs: Detection: 21%
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile read: C:\Users\user\Desktop\L5OMdZqWzq.exeJump to behavior
    Source: unknownProcess created: C:\Users\user\Desktop\L5OMdZqWzq.exe "C:\Users\user\Desktop\L5OMdZqWzq.exe"
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeProcess created: C:\Users\user\Desktop\L5OMdZqWzq.exe "C:\Users\user\Desktop\L5OMdZqWzq.exe"
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeProcess created: C:\Users\user\Desktop\L5OMdZqWzq.exe "C:\Users\user\Desktop\L5OMdZqWzq.exe"Jump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: version.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: vcruntime140.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: libffi-8.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: propsys.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: kernel.appcore.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: uxtheme.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: wbemcomn.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: amsi.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: userenv.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: profapi.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: libcrypto-3.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: libssl-3.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: sqlite3.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: pywintypes312.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: vcruntime140_1.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: powrprof.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: pdh.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: umpdc.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: wtsapi32.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: textshaping.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: textinputframework.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: coreuicomponents.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
    Source: L5OMdZqWzq.exeStatic PE information: Image base 0x140000000 > 0x60000000
    Source: L5OMdZqWzq.exeStatic file information: File size 17568230 > 1048576
    Source: L5OMdZqWzq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: L5OMdZqWzq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: L5OMdZqWzq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: L5OMdZqWzq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: L5OMdZqWzq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: L5OMdZqWzq.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: L5OMdZqWzq.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
    Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468722288.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468940721.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466790933.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
    Source: Binary string: ucrtbase.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2726693547.00007FFBAB7C5000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467254479.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
    Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466589845.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468162440.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468581807.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1469016844.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.0.dr
    Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: L5OMdZqWzq.exe, 00000002.00000002.2723712181.00007FFBAA879000.00000002.00000001.01000000.00000013.sdmp, libcrypto-3.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb source: win32api.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: L5OMdZqWzq.exe, 00000000.00000003.1464593807.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728093045.00007FFBBB473000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: L5OMdZqWzq.exe, 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465759721.0000023530536000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
    Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466990141.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468297811.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1464740185.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727265148.00007FFBB5CB5000.00000002.00000001.01000000.0000001F.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468014158.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468513518.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp, pywintypes312.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2727972949.00007FFBBB451000.00000002.00000001.01000000.00000008.sdmp, _ctypes.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465547371.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2725894214.00007FFBAB267000.00000002.00000001.01000000.00000017.sdmp, _hashlib.pyd.0.dr
    Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466655304.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467463665.0000023530538000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466451344.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466721337.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1464884456.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2726090532.00007FFBAB5F8000.00000002.00000001.01000000.00000014.sdmp, _asyncio.pyd.0.dr
    Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468433643.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2725993184.00007FFBAB2A2000.00000002.00000001.01000000.00000016.sdmp, pyexpat.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727713011.00007FFBBB40C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1464992797.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727852542.00007FFBBB42D000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467601553.0000023530538000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
    Source: Binary string: ucrtbase.pdbUGP source: L5OMdZqWzq.exe, 00000002.00000002.2726693547.00007FFBAB7C5000.00000002.00000001.01000000.00000004.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465995049.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2726896483.00007FFBB4C49000.00000002.00000001.01000000.0000000D.sdmp, _socket.pyd.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: L5OMdZqWzq.exe, 00000000.00000003.1464740185.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727265148.00007FFBB5CB5000.00000002.00000001.01000000.0000001F.sdmp, VCRUNTIME140_1.dll.0.dr
    Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1469170748.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2724579921.00007FFBAADD4000.00000002.00000001.01000000.00000005.sdmp
    Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466924213.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1489048928.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2722698085.00007FFBAA4BF000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: L5OMdZqWzq.exe, 00000002.00000002.2723712181.00007FFBAA911000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: L5OMdZqWzq.exe, 00000002.00000002.2726253645.00007FFBAB694000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468096566.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467393870.0000023530538000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465832176.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727488947.00007FFBB69A6000.00000002.00000001.01000000.00000015.sdmp
    Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466521757.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468363269.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1464593807.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728093045.00007FFBBB473000.00000002.00000001.01000000.00000006.sdmp, VCRUNTIME140.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmp
    Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467185484.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.0.dr
    Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468794092.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2723712181.00007FFBAA911000.00000002.00000001.01000000.00000013.sdmp
    Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467533939.0000023530538000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
    Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467326392.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1487814571.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728182595.00007FFBBBE93000.00000002.00000001.01000000.0000000E.sdmp, select.pyd.0.dr
    Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1469257517.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32api.pdb!! source: win32api.pyd.0.dr
    Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467666133.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468232250.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467735666.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466857977.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: L5OMdZqWzq.exe, 00000000.00000003.1465651139.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727713011.00007FFBBB40C000.00000002.00000001.01000000.0000000B.sdmp
    Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468870332.0000023530539000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
    Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467118463.0000023530536000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.4built on: Fri Nov 24 00:12:45 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: L5OMdZqWzq.exe, 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1465920235.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2727607365.00007FFBB7EE3000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdbcQ source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-7t032bmh\src\rust\target\release\deps\cryptography_rust.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728275261.00007FFBBC704000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1467053646.0000023530536000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: L5OMdZqWzq.exe, 00000000.00000003.1466378820.0000023530536000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2728275261.00007FFBBC704000.00000002.00000001.01000000.0000000C.sdmp, _wmi.pyd.0.dr
    Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2725691024.00007FFBAB21F000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1485136245.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716755081.00000249EB1A0000.00000002.00000001.01000000.00000007.sdmp
    Source: Binary string: D:\a\1\b\libssl-3.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2726253645.00007FFBAB694000.00000002.00000001.01000000.00000012.sdmp
    Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1468649696.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: L5OMdZqWzq.exe, 00000000.00000003.1469091691.0000023530539000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: L5OMdZqWzq.exe, 00000002.00000002.2726498082.00007FFBAB6ED000.00000002.00000001.01000000.00000011.sdmp, _ssl.pyd.0.dr
    Source: L5OMdZqWzq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: L5OMdZqWzq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: L5OMdZqWzq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: L5OMdZqWzq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: L5OMdZqWzq.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: api-ms-win-crt-process-l1-1-0.dll.0.drStatic PE information: 0xA8F275DA [Mon Oct 27 06:36:10 2059 UTC]
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1EDB00 GetModuleHandleW,LoadLibraryW,GetProcAddress,AddAccessAllowedAce,GetProcAddress,AddAccessDeniedAce,GetProcAddress,AddAccessAllowedAceEx,GetProcAddress,AddMandatoryAce,GetProcAddress,AddAccessAllowedObjectAce,GetProcAddress,AddAccessDeniedAceEx,GetProcAddress,AddAccessDeniedObjectAce,GetProcAddress,AddAuditAccessAceEx,GetProcAddress,AddAuditAccessObjectAce,GetProcAddress,SetSecurityDescriptorControl,InitializeCriticalSection,TlsAlloc,DeleteCriticalSection,TlsFree,2_2_00007FFBAA1EDB00
    Source: L5OMdZqWzq.exeStatic PE information: section name: _RDATA
    Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
    Source: python312.dll.0.drStatic PE information: section name: PyRuntim
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
    Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
    Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF6975A5004 push rsp; retf 0_2_00007FF6975A5005

    Persistence and Installation Behavior

    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d2_2_00007FFBAA0C2B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i2_2_00007FFBAA0C2B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i2_2_00007FFBAA0C2B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i2_2_00007FFBAA0C2B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\sqlite3.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_asyncio.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\pywin32_system32\pywintypes312.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\cryptography\hazmat\bindings\_rust.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\libssl-3.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_keccak.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_wmi.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\python312.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\VCRUNTIME140_1.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_cffi_backend.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\win32\win32crypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_MD4.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_ssl.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-file-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\pyexpat.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_overlapped.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_Salsa20.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\ucrtbase.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\libffi-8.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_MD5.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_BLAKE2b.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Math\_modexp.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\python3.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ofb.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-console-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_x25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_poly1305.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_ec_ws.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_decimal.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-string-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_cast.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Util\_cpuid_c.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_sqlite3.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_des3.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_ctypes.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\VCRUNTIME140.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_ARC4.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_des.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-file-l2-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ecb.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA1.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_bz2.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_multiprocessing.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\libcrypto-3.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_ed448.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-util-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_cbc.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\_lzma.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file

    Boot Survival

    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, \\.\PhysicalDrive%d2_2_00007FFBAA0C2B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, PhysicalDrive%i2_2_00007FFBAA0C2B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_INVALID_FUNCTION; ignore PhysicalDrive%i2_2_00007FFBAA0C2B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: PyDict_New,swprintf_s,CreateFileA,DeviceIoControl,GetLastError,DeviceIoControl,swprintf_s,Py_BuildValue,PyDict_SetItemString,_Py_Dealloc,CloseHandle,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,__acrt_iob_func,fprintf,GetLastError,__acrt_iob_func,fprintf,__acrt_iob_func,PyErr_SetFromWindowsErr,_Py_Dealloc,_Py_Dealloc,CloseHandle, DeviceIoControl -> ERROR_NOT_SUPPORTED; ignore PhysicalDrive%i2_2_00007FFBAA0C2B00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C8AA0 PyArg_ParseTuple,StartServiceA,CloseServiceHandle,CloseServiceHandle,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFBAA0C8AA0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF697566EF0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF697566EF0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: PyList_New,OpenSCManagerA,GetLastError,PyErr_SetFromWindowsErrWithFilename,EnumServicesStatusExW,GetLastError,free,malloc,EnumServicesStatusExW,PyUnicode_FromWideChar,PyUnicode_FromWideChar,Py_BuildValue,PyList_Append,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,CloseServiceHandle,free,2_2_00007FFBAA0C8170
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_asyncio.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA224.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\cryptography\hazmat\bindings\_rust.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Util\_strxor.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_RIPEMD160.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_BLAKE2s.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_hashlib.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\win32\win32api.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_ghash_portable.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ctr.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_cfb.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_queue.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_arc2.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Protocol\_scrypt.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_ed25519.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_wmi.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_keccak.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_chacha20.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA512.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\psutil\_psutil_windows.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\select.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_socket.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_MD2.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_aes.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-file-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\python312.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ocb.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA384.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_ghash_clmul.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_aesni.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\unicodedata.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA256.pydJump to dropped file
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_cffi_backend.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\win32\win32crypt.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-locale-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_MD4.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-rtlsupport-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_ssl.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-handle-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-file-l1-2-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\pyexpat.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_overlapped.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_Salsa20.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-heap-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_MD5.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_BLAKE2b.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Math\_modexp.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\python3.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ofb.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-console-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-processthreads-l1-1-1.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_x25519.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_poly1305.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_ec_ws.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-utility-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_decimal.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-string-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_blowfish.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_cast.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Util\_cpuid_c.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-sysinfo-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_sqlite3.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_des3.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-interlocked-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_ctypes.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_ARC4.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-memory-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_des.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-synch-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-namedpipe-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-file-l2-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-localization-l1-2-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-string-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-synch-l1-2-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ecb.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA1.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_bz2.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-errorhandling-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_multiprocessing.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-util-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_ed448.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\_lzma.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_cbc.pyd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-heap-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-crt-environment-l1-1-0.dll
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Check user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-16302
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe API coverage: 0.8 %
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF6975688D0 FindFirstFileExW,FindClose,0_2_00007FF6975688D0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF697577E4C _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF697577E4C
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF697581EE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF697581EE4
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C2E70 memset,PyList_New,SetErrorMode,PyArg_ParseTuple,PyObject_IsTrue,PyEval_SaveThread,GetLogicalDriveStringsA,PyEval_RestoreThread,PyErr_SetFromWindowsErr,SetErrorMode,PyEval_SaveThread,GetDriveTypeA,PyEval_RestoreThread,GetVolumeInformationA,strcat_s,SetLastError,strcat_s,strcat_s,strcat_s,FindFirstVolumeMountPointA,strcpy_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,FindNextVolumeMountPointA,FindVolumeMountPointClose,strcat_s,strcat_s,Py_BuildValue,PyList_Append,_Py_Dealloc,strchr,SetErrorMode,FindVolumeMountPointClose,SetErrorMode,_Py_Dealloc,_Py_Dealloc,2_2_00007FFBAA0C2E70
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C18C0 PyModule_Create2,getenv,RtlGetVersion,GetSystemInfo,InitializeCriticalSection,PyModule_GetState,PyErr_NewException,_Py_Dealloc,PyErr_NewException,PyModule_AddObject,PyErr_NewException,PyModule_AddObject,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,2_2_00007FFBAA0C18C0
    Source: L5OMdZqWzq.exe, 00000000.00000003.1469907525.0000023530539000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
    Source: L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWI
    Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF69756C57C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69756C57C
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1EDB00 GetModuleHandleW,LoadLibraryW,GetProcAddress,AddAccessAllowedAce,GetProcAddress,AddAccessDeniedAce,GetProcAddress,AddAccessAllowedAceEx,GetProcAddress,AddMandatoryAce,GetProcAddress,AddAccessAllowedObjectAce,GetProcAddress,AddAccessDeniedAceEx,GetProcAddress,AddAccessDeniedObjectAce,GetProcAddress,AddAuditAccessAceEx,GetProcAddress,AddAuditAccessObjectAce,GetProcAddress,SetSecurityDescriptorControl,InitializeCriticalSection,TlsAlloc,DeleteCriticalSection,TlsFree,2_2_00007FFBAA1EDB00
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF697583AF0 GetProcessHeap,0_2_00007FF697583AF0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF69756C760 SetUnhandledExceptionFilter,0_2_00007FF69756C760
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF69756BCE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF69756BCE0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF69757ABD8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF69757ABD8
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0CA050 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA0CA050
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0CA978 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA0CA978
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0E1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA0E1960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0E1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA0E1390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0F1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA0F1960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0F1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA0F1390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA101960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA101960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA101390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA101390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA111390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA111390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA111960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA111960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA121390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA121390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA121960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA121960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA131390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA131390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA131960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA131960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA141390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA141390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA141960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA141960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA151390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA151390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA151960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA151960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA161390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA161390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA161960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA161960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA171390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA171390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA171960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA171960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA181390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA181390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA181960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA181960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA191390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA191390
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA191960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA191960
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1BB360 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA1BB360
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1BBCC8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA1BBCC8
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1EF85C SetUnhandledExceptionFilter,2_2_00007FFBAA1EF85C
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1EE55C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA1EE55C
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1EF674 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA1EF674
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA22036C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFBAA22036C
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA21F768 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA21F768
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA220554 SetUnhandledExceptionFilter,2_2_00007FFBAA220554
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA36ABE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFBAA36ABE0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Process created: C:\Users\user\Desktop\L5OMdZqWzq.exe "C:\Users\user\Desktop\L5OMdZqWzq.exe"
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1E7CD0 PyArg_ParseTuple,PyExc_TypeError,PyErr_SetString,GetSecurityDescriptorDacl,free,SetSecurityDescriptorDacl,GetSecurityDescriptorOwner,free,GetSecurityDescriptorGroup,free,free,free,2_2_00007FFBAA1E7CD0
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA1E8B50 _PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,_PyArg_ParseTuple_SizeT,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,2_2_00007FFBAA1E8B50
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 0_2_00007FF697589E40 cpuid 0_2_00007FF697589E40
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Util VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\certifi VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\cryptography-41.0.7.dist-info VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\win32 VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\ucrtbase.dll VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\base_library.zip VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\Desktop\L5OMdZqWzq.exe VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802 VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\_bz2.pyd VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\_lzma.pyd VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\pywin32_system32 VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\_wmi.pyd VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\_socket.pyd VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\select.pyd VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\_queue.pyd VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\Desktop\L5OMdZqWzq.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeQueries volume information: C:\Users\user\Desktop\L5OMdZqWzq.exe VolumeInformationJump to behavior
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802 VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\_ssl.pyd VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\_asyncio.pyd VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI32802\_overlapped.pyd VolumeInformation
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 0_2_00007FF69756C460 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF69756C460
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exe Code function: 0_2_00007FF697586370 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF697586370
    Source: C:\Users\user\Desktop\L5OMdZqWzq.exeCode function: 2_2_00007FFBAA0C18C0 PyModule_Create2,getenv,RtlGetVersion,GetSystemInfo,InitializeCriticalSection,PyModule_GetState,PyErr_NewException,_Py_Dealloc,PyErr_NewException,PyModule_AddObject,PyErr_NewException,PyModule_AddObject,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,PyModule_AddIntConstant,2_2_00007FFBAA0C18C0

    Stealing of Sensitive Information

    Source: Yara match, File source: Process Memory Space: L5OMdZqWzq.exe PID: 5940, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match, File source: Process Memory Space: L5OMdZqWzq.exe PID: 5940, type: MEMORYSTR

    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 Windows Service | 1 Access Token Manipulation | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | 1 Data Encrypted for Impact
    Credentials | Domains | Default Accounts | 2 Service Execution | 1 Bootkit | 1 Windows Service | 1 Access Token Manipulation | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | 2 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 System Service Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Bootkit | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Install Root Certificate | DCSync | 26 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

    Source | Detection | Scanner | Label | Link
    L5OMdZqWzq.exe | 21% | ReversingLabs | Win32.Ransomware.PythonStealer |
    L5OMdZqWzq.exe | 100% | Avira | TR/PSW.Agent.aexvn |
    L5OMdZqWzq.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_ARC4.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_Salsa20.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_chacha20.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_aes.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_aesni.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_arc2.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_cast.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_cbc.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_cfb.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ctr.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_des.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_des3.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ecb.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ocb.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_raw_ofb.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_BLAKE2b.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_BLAKE2s.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_MD2.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_MD4.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_MD5.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_RIPEMD160.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA1.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA224.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA256.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA384.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_SHA512.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_ghash_clmul.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_ghash_portable.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_keccak.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Hash\_poly1305.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Math\_modexp.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Protocol\_scrypt.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_ec_ws.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_ed25519.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_ed448.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\PublicKey\_x25519.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Util\_cpuid_c.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Util\_strxor.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\VCRUNTIME140.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\VCRUNTIME140_1.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_asyncio.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_bz2.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_cffi_backend.cp312-win_amd64.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_ctypes.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_decimal.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_hashlib.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_lzma.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_multiprocessing.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_overlapped.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_queue.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_socket.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_sqlite3.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_ssl.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\_wmi.pyd | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | |
    C:\Users\user\AppData\Local\Temp\_MEI32802\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | |
    No Antivirus matches

    Source | Detection | Scanner | Label | Link
    http://repository.swisssign.com/K | 0% | Avira URL Cloud | safe |
    https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip= | 0% | Avira URL Cloud | safe |
    http://repository.swisssign.com/t | 0% | Avira URL Cloud | safe |
    http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html | 0% | Avira URL Cloud | safe |
    https://busquedasxurl.com/login/conexion/recibidor.php | 0% | Avira URL Cloud | safe |
    http://repository.swisssign.com/RNAM | 0% | Avira URL Cloud | safe |
    https://requests.readthedocs.ioxep | 0% | Avira URL Cloud | safe |

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    httpbin.org | 34.224.200.202 | true | false | | high

    Name | Source | Malicious | Antivirus Detection | Reputation
    https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf | L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://github.com/pyca/cryptography/issues/8996 | L5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp | false | | high
    https://api.telegram.org/bot | L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://github.com/giampaolo/psutil/issues/875. | L5OMdZqWzq.exe, 00000002.00000002.2719711909.00000249ED390000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://api.telegram.org/botz | L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBAB0000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages | L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp | false | | high
    http://aka.ms/vcpython27 | L5OMdZqWzq.exe, 00000002.00000002.2718379785.00000249EC1B0000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://github.com/mhammond/pywin32 | L5OMdZqWzq.exe, L5OMdZqWzq.exe, 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp, win32api.pyd.0.dr, pywintypes312.dll.0.dr | false | | high
    http://repository.swisssign.com/K | L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
    http://docs.python.org/library/unittest.html | L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBCA6000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://setuptools.pypa.io/en/latest/ | L5OMdZqWzq.exe, 00000002.00000002.2718298213.00000249EC0B0000.00000004.00001000.00020000.00000000.sdmp | false | | high
    https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py# | L5OMdZqWzq.exe, 00000002.00000002.2716450907.00000249E985A000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB270000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1491326463.00000249EB29E000.00000004.00000020.00020000.00000000.sdmp | false | | high
                            https://github.com/pyca/cryptography/actions?query=workflow%3ACIL5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                              high
                              http://goo.gl/zeJZl.L5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED0C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                high
                                https://tools.ietf.org/html/rfc2388#section-4.4L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC6D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  https://www.apache.org/licenses/LICENSE-2.0L5OMdZqWzq.exe, 00000000.00000003.1470626477.0000023530546000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1470541664.0000023530539000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000000.00000003.1470541664.0000023530546000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                                    high
                                    https://packaging.python.org/en/latest/specifications/core-metadata/L5OMdZqWzq.exe, 00000002.00000002.2718379785.00000249EC1B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                      high
                                      https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        https://github.com/pypa/packagingL5OMdZqWzq.exe, 00000002.00000002.2719286189.00000249ECE90000.00000004.00001000.00020000.00000000.sdmpfalse
                                          high
                                          https://refspecs.linuxfoundation.org/elf/gabi4L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719286189.00000249ECE90000.00000004.00001000.00020000.00000000.sdmpfalse
                                            high
                                            https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpfalse
                                              high
                                              http://docs.python.org/3/library/subprocess#subprocess.Popen.killL5OMdZqWzq.exe, 00000002.00000002.2718490430.00000249EC390000.00000004.00001000.00020000.00000000.sdmpfalse
                                                high
                                                https://tools.ietf.org/html/rfc3610L5OMdZqWzq.exe, 00000002.00000003.1503687819.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://github.com/platformdirs/platformdirsL5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    high
                                                    https://peps.python.org/pep-0205/L5OMdZqWzq.exe, 00000002.00000002.2717356895.00000249EB8B0000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                      high
                                                      http://crl.dhimyotis.com/certignarootca.crlL5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://curl.haxx.se/rfc/cookie_spec.htmlL5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          high
                                                          http://ocsp.accv.esL5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://docs.python.org/3/library/subprocess#subprocess.Popen.returncodeL5OMdZqWzq.exe, 00000002.00000002.2718490430.00000249EC390000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              high
                                                              http://www.cert.fnmt.es/dpcs/kDL5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyL5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688L5OMdZqWzq.exe, 00000002.00000002.2716596139.00000249EB10C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://httpbin.org/getL5OMdZqWzq.exe, 00000002.00000002.2719444015.00000249ED090000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC767000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://packaging.python.org/en/latest/specifications/entry-points/L5OMdZqWzq.exe, 00000002.00000002.2718298213.00000249EC0B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-accessL5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://pypi.org/project/build/).L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718298213.00000249EC0B0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1499753239.00000249EB6F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://wwww.certigna.fr/autorites/0mL5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerL5OMdZqWzq.exe, 00000002.00000002.2716450907.00000249E985A000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB270000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1491326463.00000249EB29E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://foo/bar.tgzL5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://github.com/python/cpython/issues/86361.L5OMdZqWzq.exe, 00000002.00000003.1496656881.00000249EB83D000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB7B8000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1499367249.00000249EB7B8000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1497410275.00000249EB86D000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1497080914.00000249EB857000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://mail.python.org/pipermail/python-dev/2012-June/120787.html.L5OMdZqWzq.exe, 00000002.00000002.2719555383.00000249ED258000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://httpbin.org/L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.apache.org/licenses/L5OMdZqWzq.exe, 00000000.00000003.1470541664.0000023530539000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drfalse
                                                                                          high
                                                                                          https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainL5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                            high
                                                                                            https://wwww.certigna.fr/autorites/L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-fileL5OMdZqWzq.exe, 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmpfalse
                                                                                                high
                                                                                                https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gzL5OMdZqWzq.exe, 00000002.00000003.1503917154.00000249EBD79000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBD68000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://busquedasxurl.com/login/conexion/bloqueadoreslogs.php?ip=L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBAB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://repository.swisssign.com/tL5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBCA6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.L5OMdZqWzq.exe, 00000002.00000003.1499719727.00000249EBC60000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718298213.00000249EC0B0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1499555992.00000249EBC57000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB7B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://cryptography.io/en/latest/installation/L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                        high
                                                                                                        https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syL5OMdZqWzq.exe, 00000002.00000002.2716450907.00000249E985A000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB270000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1491326463.00000249EB29E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.python.org/psf/license/L5OMdZqWzq.exe, 00000002.00000002.2725164585.00007FFBAAF4C000.00000008.00000001.01000000.00000005.sdmpfalse
                                                                                                            high
                                                                                                            https://docs.python.org/3/library/multiprocessing.htmlL5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBDB0000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1503783489.00000249EBDA1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/pypa/setuptools/issues/417#issuecomment-392298401L5OMdZqWzq.exe, 00000002.00000002.2716998631.00000249EB5B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://crl.securetrust.com/STCA.crlL5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://wwwsearch.sf.net/):L5OMdZqWzq.exe, 00000002.00000002.2718725988.00000249EC690000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.accv.es/legislacion_c.htmL5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tools.ietf.org/html/rfc6125#section-6.4.3L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://cryptography.io/en/latest/security/L5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                            high
                                                                                                                            https://cffi.readthedocs.io/en/latest/using.html#callbacksL5OMdZqWzq.exe, L5OMdZqWzq.exe, 00000002.00000002.2721884428.00007FFBAA1BD000.00000002.00000001.01000000.00000021.sdmpfalse
                                                                                                                              high
                                                                                                                              http://crl.xrampsecurity.com/XGCA.crl0L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://bugs.python.org/issue44497.L5OMdZqWzq.exe, 00000002.00000002.2718145442.00000249EBEB0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717445541.00000249EB9B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://www.cert.fnmt.es/dpcs/L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC8E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://google.com/mailL5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBB7F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717093889.00000249EB6B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://packaging.python.org/specifications/entry-points/L5OMdZqWzq.exe, 00000002.00000002.2718145442.00000249EBEB0000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2717445541.00000249EB9B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://github.com/jaraco/jaraco.functools/issues/5L5OMdZqWzq.exe, 00000002.00000002.2718648533.00000249EC590000.00000004.00001000.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718222116.00000249EBFB0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.accv.es00L5OMdZqWzq.exe, 00000002.00000002.2719026706.00000249EC861000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://www.python.org/psf/license/)L5OMdZqWzq.exe, 00000002.00000002.2724579921.00007FFBAADD4000.00000002.00000001.01000000.00000005.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyL5OMdZqWzq.exe, 00000002.00000003.1491326463.00000249EB29E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.rfc-editor.org/info/rfc7253L5OMdZqWzq.exe, 00000002.00000002.2716812854.00000249EB2BF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdfL5OMdZqWzq.exe, 00000002.00000003.1503687819.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC7B3000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1504017066.00000249EC729000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://readthedocs.org/projects/cryptography/badge/?version=latestL5OMdZqWzq.exe, 00000000.00000003.1470705527.0000023530539000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.quovadisglobal.com/cps/=L5OMdZqWzq.exe, 00000002.00000002.2718758421.00000249EC724000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://foss.heptapod.net/pypy/pypy/-/issues/3539L5OMdZqWzq.exe, 00000002.00000002.2719361332.00000249ECF90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.L5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmp, L5OMdZqWzq.exe, 00000002.00000003.1503880698.00000249EBE98000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://google.com/L5OMdZqWzq.exe, 00000002.00000002.2717531157.00000249EBAB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://mahler:8092/site-updates.pyL5OMdZqWzq.exe, 00000002.00000002.2718008244.00000249EBE5F000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
34.224.200.202 | httpbin.org | United States | 14618 | AMAZON-AESUS | false
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1571336
Start date and time:2024-12-09 09:55:46 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 8m 58s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:7
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:L5OMdZqWzq.exe
renamed because original name is a hash value
Original Sample Name:2f1f7def1fb58a59bcda870b387a7825e2d468250fae590df12ce18264542d83.exe
Detection:MAL
Classification:mal72.troj.evad.winEXE@3/122@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 39
• Number of non-executed functions: 389
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: L5OMdZqWzq.exe
                                                                                                                                                                                                No simulations
                                                                                                                                                                                                                    • 44.196.3.45
                                                                                                                                                                                                                    maniatelo.exeGet hashmaliciousPython StealerBrowse
                                                                                                                                                                                                                    • 44.196.3.45
                                                                                                                                                                                                                    No context
Match: C:\Users\user\AppData\Local\Temp\_MEI32802\Crypto\Cipher\_ARC4.pyd

| Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|
| okG6LaM2yP.exe | malicious | Python Stealer |
| I6H1RkEHlX.exe | malicious | Python Stealer |
| hKgrI6tqYx.exe | malicious | Python Stealer, Babadeda |
| 33sKdwH6im.exe | malicious | Python Stealer |
| r2PcRF79Mo.exe | malicious | Python Stealer |
| KkgQY27Qqn.exe | malicious | Unknown |
| back.ps1 | malicious | Unknown |
| ChromeComboPack.exe | malicious | Python Stealer |
| speedymaqing.exe | malicious | Python Stealer, Discord Token Stealer |
| file.exe | malicious | CStealer |
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11264
                                                                                                                                                                                                                                        Entropy (8bit):4.703513333396807
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:nDzb9VD9daQ2iTrqT+6Zdp/Q0I1uLfcC75JiC4Rs89EcYyGDV90OcX6gY/7ECFV:Dzz9damqTrpYTst0E5DVPcqgY/79X
                                                                                                                                                                                                                                        MD5:6176101B7C377A32C01AE3EDB7FD4DE6
                                                                                                                                                                                                                                        SHA1:5F1CB443F9D677F313BEC07C5241AEAB57502F5E
                                                                                                                                                                                                                                        SHA-256:EFEA361311923189ECBE3240111EFBA329752D30457E0DBE9628A82905CD4BDB
                                                                                                                                                                                                                                        SHA-512:3E7373B71AE0834E96A99595CFEF2E96C0F5230429ADC0B5512F4089D1ED0D7F7F0E32A40584DFB13C41D257712A9C4E9722366F0A21B907798AE79D8CEDCF30
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                                        • Filename: okG6LaM2yP.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: I6H1RkEHlX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: hKgrI6tqYx.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: 33sKdwH6im.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: r2PcRF79Mo.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: KkgQY27Qqn.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: back.ps1, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: ChromeComboPack.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: speedymaqing.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                                                        Entropy (8bit):4.968452734961967
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:JF3TgNlF/1Nt5aSd4+1ijg0NLfFNJSCqsstXHTeH5ht47qMbxbfDqbwYH/kcX6gT:WF/1nb2mhQtkXHTeZ87VDqrMcqgYvEp
                                                                                                                                                                                                                                        MD5:371776A7E26BAEB3F75C93A8364C9AE0
                                                                                                                                                                                                                                        SHA1:BF60B2177171BA1C6B4351E6178529D4B082BDA9
                                                                                                                                                                                                                                        SHA-256:15257E96D1CA8480B8CB98F4C79B6E365FE38A1BA9638FC8C9AB7FFEA79C4762
                                                                                                                                                                                                                                        SHA-512:C23548FBCD1713C4D8348917FF2AB623C404FB0E9566AB93D147C62E06F51E63BDAA347F2D203FE4F046CE49943B38E3E9FA1433F6455C97379F2BC641AE7CE9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):5.061461040216793
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ldF/1nb2mhQtkXn0t/WS60YYDEiqvdvGyv9lkVcqgYvEMo:v2f6XSZ6XYD6vdvGyv9MgYvEMo
                                                                                                                                                                                                                                        MD5:CB5238E2D4149636377F9A1E2AF6DC57
                                                                                                                                                                                                                                        SHA1:038253BABC9E652BA4A20116886209E2BCCF35AC
                                                                                                                                                                                                                                        SHA-256:A8D3BB9CD6A78EBDB4F18693E68B659080D08CB537F9630D279EC9F26772EFC7
                                                                                                                                                                                                                                        SHA-512:B1E6AB509CF1E5ECC6A60455D6900A76514F8DF43F3ABC3B8D36AF59A3DF8A868B489ED0B145D0D799AAC8672CBF5827C503F383D3F38069ABF6056ECCD87B21
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):5.236167046748013
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:/siHXqpoUol3xZhRyQX5lDnRDFYav+tcqgRvE:h6D+XBDgDgRvE
                                                                                                                                                                                                                                        MD5:D9E7218460AEE693BEA07DA7C2B40177
                                                                                                                                                                                                                                        SHA1:9264D749748D8C98D35B27BEFE6247DA23FF103D
                                                                                                                                                                                                                                        SHA-256:38E423D3BCC32EE6730941B19B7D5D8872C0D30D3DD8F9AAE1442CB052C599AD
                                                                                                                                                                                                                                        SHA-512:DDB579E2DEA9D266254C0D9E23038274D9AE33F0756419FD53EC6DC1A27D1540828EE8F4AD421A5CFFD9B805F1A68F26E70BDC1BAB69834E8ACD6D7BB7BDB0DB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36352
                                                                                                                                                                                                                                        Entropy (8bit):6.558176937399355
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:Dz2P+7nYpPMedFDlDchrVX1mEVmT9ZgkoD/PKDkGuF0U390QOo8VdbKBWmuCLg46:DzeqWB7YJlmLJ3oD/S4j990th9VCsC
                                                                                                                                                                                                                                        MD5:F751792DF10CDEED391D361E82DAF596
                                                                                                                                                                                                                                        SHA1:3440738AF3C88A4255506B55A673398838B4CEAC
                                                                                                                                                                                                                                        SHA-256:9524D1DADCD2F2B0190C1B8EDE8E5199706F3D6C19D3FB005809ED4FEBF3E8B5
                                                                                                                                                                                                                                        SHA-512:6159F245418AB7AD897B02F1AADF1079608E533B9C75006EFAF24717917EAA159846EE5DFC0E85C6CFF8810319EFECBA80C1D51D1F115F00EC1AFF253E312C00
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15872
                                                                                                                                                                                                                                        Entropy (8bit):5.285191078037458
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:wJBjJHEkEPYi3Xd+dc26E4++yuqAyXW9wifD4jqccqgwYUMvEW:ikRwi3wO26Ef+yuIm9PfD7wgwYUMvE
                                                                                                                                                                                                                                        MD5:BBEA5FFAE18BF0B5679D5C5BCD762D5A
                                                                                                                                                                                                                                        SHA1:D7C2721795113370377A1C60E5CEF393473F0CC5
                                                                                                                                                                                                                                        SHA-256:1F4288A098DA3AAC2ADD54E83C8C9F2041EC895263F20576417A92E1E5B421C1
                                                                                                                                                                                                                                        SHA-512:0932EC5E69696D6DD559C30C19FC5A481BEFA38539013B9541D84499F2B6834A2FFE64A1008A1724E456FF15DDA6268B7B0AD8BA14918E2333567277B3716CC4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                        Entropy (8bit):5.505471888568532
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vd9VkyQ5f8vjVaCHpKpTTjaNe7oca2DW3Q2dhmdcqgwNeecBih:JkP5cjIGpKlqD2D4kzgwNeE
                                                                                                                                                                                                                                        MD5:D2175300E065347D13211F5BF7581602
                                                                                                                                                                                                                                        SHA1:3AE92C0B0ECDA1F6B240096A4E68D16D3DB1FFB0
                                                                                                                                                                                                                                        SHA-256:94556934E3F9EE73C77552D2F3FC369C02D62A4C9E7143E472F8E3EE8C00AEE1
                                                                                                                                                                                                                                        SHA-512:6156D744800206A431DEE418A1C561FFB45D726DC75467A91D26EE98503B280C6595CDEA02BDA6A023235BD010835EA1FC9CB843E9FEC3501980B47B6B490AF7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20992
                                                                                                                                                                                                                                        Entropy (8bit):6.06124024160806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:bUv5cJMOZA0nmwBD+XpJgLa0Mp8Qpg4P2llyM:0K1XBD+DgLa1yTi
                                                                                                                                                                                                                                        MD5:45616B10ABE82D5BB18B9C3AB446E113
                                                                                                                                                                                                                                        SHA1:91B2C0B0F690AE3ABFD9B0B92A9EA6167049B818
                                                                                                                                                                                                                                        SHA-256:F348DB1843B8F38A23AEE09DD52FB50D3771361C0D529C9C9E142A251CC1D1EC
                                                                                                                                                                                                                                        SHA-512:ACEA8C1A3A1FA19034FD913C8BE93D5E273B7719D76CB71C36F510042918EA1D9B44AC84D849570F9508D635B4829D3E10C36A461EC63825BA178F5AC1DE85FB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):25088
                                                                                                                                                                                                                                        Entropy (8bit):6.475467273446457
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:oc6HLZiMDFuGu+XHZXmrfXA+UA10ol31tuXy4IYgLWi:B6H1TZXX5XmrXA+NNxWiFdLWi
                                                                                                                                                                                                                                        MD5:CF3C2F35C37AA066FA06113839C8A857
                                                                                                                                                                                                                                        SHA1:39F3B0AEFB771D871A93681B780DA3BD85A6EDD0
                                                                                                                                                                                                                                        SHA-256:1261783F8881642C3466B96FA5879A492EA9E0DAB41284ED9E4A82E8BCF00C80
                                                                                                                                                                                                                                        SHA-512:1C36B80AAE49FD5E826E95D83297AE153FDB2BC652A47D853DF31449E99D5C29F42ED82671E2996AF60DCFB862EC5536BB0A68635D4E33D33F8901711C0C8BE6
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.838534302892255
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:0F/1nb2mhQtkr+juOxKbDbnHcqgYvEkrK:u2f6iuOsbDtgYvEmK
                                                                                                                                                                                                                                        MD5:20708935FDD89B3EDDEEA27D4D0EA52A
                                                                                                                                                                                                                                        SHA1:85A9FE2C7C5D97FD02B47327E431D88A1DC865F7
                                                                                                                                                                                                                                        SHA-256:11DD1B49F70DB23617E84E08E709D4A9C86759D911A24EBDDFB91C414CC7F375
                                                                                                                                                                                                                                        SHA-512:F28C31B425DC38B5E9AD87B95E8071997E4A6F444608E57867016178CD0CA3E9F73A4B7F2A0A704E45F75B7DCFF54490510C6BF8461F3261F676E9294506D09B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):4.9047185025862925
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:NRgPX8lvI+KnwSDTPUDEhKWPXcqgzQkvEd:2og9rUD9mpgzQkvE
                                                                                                                                                                                                                                        MD5:43BBE5D04460BD5847000804234321A6
                                                                                                                                                                                                                                        SHA1:3CAE8C4982BBD73AF26EB8C6413671425828DBB7
                                                                                                                                                                                                                                        SHA-256:FAA41385D0DB8D4EE2EE74EE540BC879CF2E884BEE87655FF3C89C8C517EED45
                                                                                                                                                                                                                                        SHA-512:DBC60F1D11D63BEBBAB3C742FB827EFBDE6DFF3C563AE1703892D5643D5906751DB3815B97CBFB7DA5FCD306017E4A1CDCC0CDD0E61ADF20E0816F9C88FE2C9B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                                                                        Entropy (8bit):5.300163691206422
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:j0J1gSHxKkwv0i8XSi3Sm57NEEE/qexUEtDrdkrRcqgUF6+6vEX:jM01si8XSi3SACqe7tDeDgUUjvE
                                                                                                                                                                                                                                        MD5:C6B20332B4814799E643BADFFD8DF2CD
                                                                                                                                                                                                                                        SHA1:E7DA1C1F09F6EC9A84AF0AB0616AFEA55A58E984
                                                                                                                                                                                                                                        SHA-256:61C7A532E108F67874EF2E17244358DF19158F6142680F5B21032BA4889AC5D8
                                                                                                                                                                                                                                        SHA-512:D50C7F67D2DFB268AD4CF18E16159604B6E8A50EA4F0C9137E26619FD7835FAAD323B5F6A2B8E3EC1C023E0678BCBE5D0F867CD711C5CD405BD207212228B2B4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):57856
                                                                                                                                                                                                                                        Entropy (8bit):4.260220483695234
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9XUqVT1dZ/GHkJnYcZiGKdZHDLtiduprZNZY0JAIg+v:99HGHfJidSK
                                                                                                                                                                                                                                        MD5:0B538205388FDD99A043EE3AFAA074E4
                                                                                                                                                                                                                                        SHA1:E0DD9306F1DBE78F7F45A94834783E7E886EB70F
                                                                                                                                                                                                                                        SHA-256:C4769D3E6EB2A2FECB5DEC602D45D3E785C63BB96297268E3ED069CC4A019B1A
                                                                                                                                                                                                                                        SHA-512:2F4109E42DB7BC72EB50BCCC21EB200095312EA00763A255A38A4E35A77C04607E1DB7BB69A11E1D80532767B20BAA4860C05F52F32BF1C81FE61A7ECCEB35ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):58368
                                                                                                                                                                                                                                        Entropy (8bit):4.276870967324261
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:9jUqho9weF5/eHkRnYcZiGKdZHDL7idErZjZYXGg:9RCneH//id42
                                                                                                                                                                                                                                        MD5:6C3E976AB9F47825A5BD9F73E8DBA74E
                                                                                                                                                                                                                                        SHA1:4C6EB447FE8F195CF7F4B594CE7EAF928F52B23A
                                                                                                                                                                                                                                        SHA-256:238CDB6B8FB611DB4626E6D202E125E2C174C8F73AE8A3273B45A0FC18DEA70C
                                                                                                                                                                                                                                        SHA-512:B19516F00CC0484D9CDA82A482BBFE41635CDBBE19C13F1E63F033C9A68DD36798C44F04D6BD8BAE6523A845E852D81ACADD0D5DD86AF62CC9D081B803F8DF7B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.578113904149635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:R0qVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EpmFWLOXDwo2Pj15XkcX6gbW6z:DVddiT7pgTctEEI4qXDo11kcqgbW6
                                                                                                                                                                                                                                        MD5:FEE13D4FB947835DBB62ACA7EAFF44EF
                                                                                                                                                                                                                                        SHA1:7CC088AB68F90C563D1FE22D5E3C3F9E414EFC04
                                                                                                                                                                                                                                        SHA-256:3E0D07BBF93E0748B42B1C2550F48F0D81597486038C22548224584AE178A543
                                                                                                                                                                                                                                        SHA-512:DEA92F935BC710DF6866E89CC6EB5B53FC7ADF0F14F3D381B89D7869590A1B0B1F98F347664F7A19C6078E7AA3EB0F773FFCB711CC4275D0ECD54030D6CF5CB2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):6.143719741413071
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:IUv5cRUtPQtjLJiKMjNrDF6pJgLa0Mp8Q90gYP2lXCM:BKR8I+K0lDFQgLa17zU
                                                                                                                                                                                                                                        MD5:76F88D89643B0E622263AF676A65A8B4
                                                                                                                                                                                                                                        SHA1:93A365060E98890E06D5C2D61EFBAD12F5D02E06
                                                                                                                                                                                                                                        SHA-256:605C86145B3018A5E751C6D61FD0F85CF4A9EBF2AD1F3009A4E68CF9F1A63E49
                                                                                                                                                                                                                                        SHA-512:979B97AAC01633C46C048010FA886EBB09CFDB5520E415F698616987AE850FD342A4210A8DC0FAC1E059599F253565862892171403F5E4F83754D02D2EF3F366
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17920
                                                                                                                                                                                                                                        Entropy (8bit):5.353267174592179
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:7PHNP3Mj7Be/yB/6sB3yxcb+IMcOYqQViCBD8bg6Vf4A:hPcnB8KSsB34cb+bcOYpMCBDX
                                                                                                                                                                                                                                        MD5:D48BFFA1AF800F6969CFB356D3F75AA6
                                                                                                                                                                                                                                        SHA1:2A0D8968D74EBC879A17045EFE86C7FB5C54AEE6
                                                                                                                                                                                                                                        SHA-256:4AA5E9CE7A76B301766D3ECBB06D2E42C2F09D0743605A91BF83069FEFE3A4DE
                                                                                                                                                                                                                                        SHA-512:30D14AD8C68B043CC49EAFB460B69E83A15900CB68B4E0CBB379FF5BA260194965EF300EB715308E7211A743FF07FA7F8779E174368DCAA7F704E43068CC4858
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.741247880746506
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14848
                                                                                                                                                                                                                                        Entropy (8bit):5.212941287344097
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                                                        Entropy (8bit):5.181291194389683
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14336
                                                                                                                                                                                                                                        Entropy (8bit):5.140195114409974
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13824
                                                                                                                                                                                                                                        Entropy (8bit):5.203867759982304
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                                                        Entropy (8bit):5.478301937972917
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18432
                                                                                                                                                                                                                                        Entropy (8bit):5.69608744353984
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):19456
                                                                                                                                                                                                                                        Entropy (8bit):5.7981108922569735
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):5.865452719694432
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                                                                                        Entropy (8bit):5.867732744112887
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27136
                                                                                                                                                                                                                                        Entropy (8bit):5.860044313282322
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27136
                                                                                                                                                                                                                                        Entropy (8bit):5.917025846093607
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12800
                                                                                                                                                                                                                                        Entropy (8bit):4.999870226643325
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:DzFRF/1nb2mhQtk4axusjfkgZhoYDQgRjcqgQvEty:DzFd2f64axnTTz5D1gQvEty
                                                                                                                                                                                                                                        MD5:C89BECC2BECD40934FE78FCC0D74D941
                                                                                                                                                                                                                                        SHA1:D04680DF546E2D8A86F60F022544DB181F409C50
                                                                                                                                                                                                                                        SHA-256:E5B6E58D6DA8DB36B0673539F0C65C80B071A925D2246C42C54E9FCDD8CA08E3
                                                                                                                                                                                                                                        SHA-512:715B3F69933841BAADC1C30D616DB34E6959FD9257D65E31C39CD08C53AFA5653B0E87B41DCC3C5E73E57387A1E7E72C0A668578BD42D5561F4105055F02993C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13312
                                                                                                                                                                                                                                        Entropy (8bit):5.025153056783597
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:AF/1nb2mhQtks0iiNqdF4mtPjD02A5APYcqgYvEL2x:62f6fFA/4GjDFcgYvEL2x
                                                                                                                                                                                                                                        MD5:C4CC05D3132FDFB05089F42364FC74D2
                                                                                                                                                                                                                                        SHA1:DA7A1AE5D93839577BBD25952A1672C831BC4F29
                                                                                                                                                                                                                                        SHA-256:8F3D92DE840ABB5A46015A8FF618FF411C73009CBAA448AC268A5C619CF84721
                                                                                                                                                                                                                                        SHA-512:C597C70B7AF8E77BEEEBF10C32B34C37F25C741991581D67CF22E0778F262E463C0F64AA37F92FBC4415FE675673F3F92544E109E5032E488F185F1CFBC839FE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                        Entropy (8bit):5.235115741550938
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:XTRgffnRaNfBj9xih1LPK73jm6AXiN4rSRIh42gDhgvrjcqgCieT3WQ:XafgNpj9cHW3jqXeBRamDOZgCieT
                                                                                                                                                                                                                                        MD5:1E201DF4B4C8A8CD9DA1514C6C21D1C4
                                                                                                                                                                                                                                        SHA1:3DC8A9C20313AF189A3FFA51A2EAA1599586E1B2
                                                                                                                                                                                                                                        SHA-256:A428372185B72C90BE61AC45224133C4AF6AE6682C590B9A3968A757C0ABD6B4
                                                                                                                                                                                                                                        SHA-512:19232771D4EE3011938BA2A52FA8C32E00402055038B5EDF3DDB4C8691FA7AE751A1DC16766D777A41981B7C27B14E9C1AD6EBDA7FFE1B390205D0110546EE29
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15360
                                                                                                                                                                                                                                        Entropy (8bit):5.133714807569085
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:JZNGXEgvUh43G6coX2SSwmPL4V7wTdDlpaY2cqgWjvE:EVMhuGGF2L4STdDyYWgWjvE
                                                                                                                                                                                                                                        MD5:76C84B62982843367C5F5D41B550825F
                                                                                                                                                                                                                                        SHA1:B6DE9B9BD0E2C84398EA89365E9F6D744836E03A
                                                                                                                                                                                                                                        SHA-256:EBCD946F1C432F93F396498A05BF07CC77EE8A74CE9C1A283BF9E23CA8618A4C
                                                                                                                                                                                                                                        SHA-512:03F8BB1D0D63BF26D8A6FFF62E94B85FFB4EA1857EB216A4DEB71C806CDE107BA0F9CC7017E3779489C5CEF5F0838EDB1D70F710BCDEB629364FC288794E6AFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35840
                                                                                                                                                                                                                                        Entropy (8bit):5.928082706906375
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:8bEkzS7+k9rMUb8cOe9rs9ja+V/Mhjh56GS:8bEP779rMtcOCs0I/Mhf
                                                                                                                                                                                                                                        MD5:B41160CF884B9E846B890E0645730834
                                                                                                                                                                                                                                        SHA1:A0F35613839A0F8F4A87506CD59200CCC3C09237
                                                                                                                                                                                                                                        SHA-256:48F296CCACE3878DE1148074510BD8D554A120CAFEF2D52C847E05EF7664FFC6
                                                                                                                                                                                                                                        SHA-512:F4D57351A627DD379D56C80DA035195292264F49DC94E597AA6638DF5F4CF69601F72CC64FC3C29C5CBE95D72326395C5C6F4938B7895C69A8D839654CFC8F26
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12288
                                                                                                                                                                                                                                        Entropy (8bit):4.799063285091512
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:nkCfXASTMeAk4OepIXcADp/X6RcqgO5vE:ZJMcPepIXcAD563gO5vE
                                                                                                                                                                                                                                        MD5:BA46602B59FCF8B01ABB135F1534D618
                                                                                                                                                                                                                                        SHA1:EFF5608E05639A17B08DCA5F9317E138BEF347B5
                                                                                                                                                                                                                                        SHA-256:B1BAB0E04AC60D1E7917621B03A8C72D1ED1F0251334E9FA12A8A1AC1F516529
                                                                                                                                                                                                                                        SHA-512:A5E2771623DA697D8EA2E3212FBDDE4E19B4A12982A689D42B351B244EFBA7EFA158E2ED1A2B5BC426A6F143E7DB810BA5542017AB09B5912B3ECC091F705C6E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):754688
                                                                                                                                                                                                                                        Entropy (8bit):7.624959985050181
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:I1UrmZ9HoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h9:gYmzHoxJFf1p34hcrn5Go9yQO6L
                                                                                                                                                                                                                                        MD5:3F20627FDED2CF90E366B48EDF031178
                                                                                                                                                                                                                                        SHA1:00CED7CD274EFB217975457906625B1B1DA9EBDF
                                                                                                                                                                                                                                        SHA-256:E36242855879D71AC57FBD42BB4AE29C6D80B056F57B18CEE0B6B1C0E8D2CF57
                                                                                                                                                                                                                                        SHA-512:05DE7C74592B925BB6D37528FC59452C152E0DCFC1D390EA1C48C057403A419E5BE40330B2C5D5657FEA91E05F6B96470DDDF9D84FF05B9FD4192F73D460093C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):27648
                                                                                                                                                                                                                                        Entropy (8bit):5.792654050660321
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:hBwi/rOF26VZW1n0n/Is42g9qhrnW0mvPauYhz35sWJftjb1Ddsia15gkbQ0e1:/L/g28Ufsxg9GmvPauYLxtX1D/kf
                                                                                                                                                                                                                                        MD5:290D936C1E0544B6EC98F031C8C2E9A3
                                                                                                                                                                                                                                        SHA1:CAEEA607F2D9352DD605B6A5B13A0C0CB1EA26EC
                                                                                                                                                                                                                                        SHA-256:8B00C859E36CBCE3EC19F18FA35E3A29B79DE54DA6030AAAD220AD766EDCDF0A
                                                                                                                                                                                                                                        SHA-512:F08B67B633D3A3F57F1183950390A35BF73B384855EAAB3AE895101FBC07BCC4990886F8DE657635AD528D6C861BC2793999857472A5307FFAA963AA6685D7E8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                                                                        Entropy (8bit):6.060461288575063
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:nqctkGACFI5t35q2JbL0UbkrwwOoKXyMH1B7M9rMdccdWxRLpq:nqctkGACFI5t35q2JbgrwwOoqLTM9rMh
                                                                                                                                                                                                                                        MD5:5782081B2A6F0A3C6B200869B89C7F7D
                                                                                                                                                                                                                                        SHA1:0D4E113FB52FE1923FE05CDF2AB9A4A9ABEFC42E
                                                                                                                                                                                                                                        SHA-256:E72E06C721DD617140EDEBADD866A91CF97F7215CBB732ECBEEA42C208931F49
                                                                                                                                                                                                                                        SHA-512:F7FD695E093EDE26FCFD0EE45ADB49D841538EB9DAAE5B0812F29F0C942FB13762E352C2255F5DB8911F10FA1B6749755B51AAE1C43D8DF06F1D10DE5E603706
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.488437566846231
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:tpVVdJvbrqTu6ZdpvY0IluLfcC75JiC4cs89EfqADwhDTAbcX6gn/7EC:5VddiT7pgTctdErDwDTicqgn/7
                                                                                                                                                                                                                                        MD5:289EBF8B1A4F3A12614CFA1399250D3A
                                                                                                                                                                                                                                        SHA1:66C05F77D814424B9509DD828111D93BC9FA9811
                                                                                                                                                                                                                                        SHA-256:79AC6F73C71CA8FDA442A42A116A34C62802F0F7E17729182899327971CFEB23
                                                                                                                                                                                                                                        SHA-512:4B95A210C9A4539332E2FB894D7DE4E1B34894876CCD06EEC5B0FC6F6E47DE75C0E298CF2F3B5832C9E028861A53B8C8E8A172A3BE3EC29A2C9E346642412138
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.730605326965181
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:MJVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EVAElIijKDQGrbMZYJWJcX6gbW6s:CVddiT7pgTctEEaEDKDlMCWJcqgbW6
                                                                                                                                                                                                                                        MD5:4D9C33AE53B38A9494B6FBFA3491149E
                                                                                                                                                                                                                                        SHA1:1A069E277B7E90A3AB0DCDEE1FE244632C9C3BE4
                                                                                                                                                                                                                                        SHA-256:0828CAD4D742D97888D3DFCE59E82369317847651BBA0F166023CB8ACA790B2B
                                                                                                                                                                                                                                        SHA-512:BDFBF29198A0C7ED69204BF9E9B6174EBB9E3BEE297DD1EB8EB9EA6D7CAF1CC5E076F7B44893E58CCF3D0958F5E3BDEE12BD090714BEB5889836EE6F12F0F49E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10240
                                                                                                                                                                                                                                        Entropy (8bit):4.685843290341897
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:6ZVVdJvbrqTu6ZdpvY0IluLfcC75JiCKs89EMz3DHWMoG4BcX6gbW6O:IVddiT7pgTctEEO3DLoHcqgbW6
                                                                                                                                                                                                                                        MD5:8F4313755F65509357E281744941BD36
                                                                                                                                                                                                                                        SHA1:2AAF3F89E56EC6731B2A5FA40A2FE69B751EAFC0
                                                                                                                                                                                                                                        SHA-256:70D90DDF87A9608699BE6BBEDF89AD469632FD0ADC20A69DA07618596D443639
                                                                                                                                                                                                                                        SHA-512:FED2B1007E31D73F18605FB164FEE5B46034155AB5BB7FE9B255241CFA75FF0E39749200EB47A9AB1380D9F36F51AFBA45490979AB7D112F4D673A0C67899EF4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):119192
                                                                                                                                                                                                                                        Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                        MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                        SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                        SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                        SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49528
                                                                                                                                                                                                                                        Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                        MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                        SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                        SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                        SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):71448
                                                                                                                                                                                                                                        Entropy (8bit):6.247581706260346
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:rRaPPkDN3nkiP6djtX5IkTIL1yUvGJtIAOnT7SyqWx5:9anmN3nkikjV5IkTIL1yUuJtIAOnTgi
                                                                                                                                                                                                                                        MD5:209CBCB4E1A16AA39466A6119322343C
                                                                                                                                                                                                                                        SHA1:CDCCE6B64EBF11FECFF739CBC57E7A98D6620801
                                                                                                                                                                                                                                        SHA-256:F7069734D5174F54E89B88D717133BFF6A41B01E57F79957AB3F02DAA583F9E2
                                                                                                                                                                                                                                        SHA-512:5BBC4EDE01729E628260CF39DF5809624EAE795FD7D51A1ED770ED54663955674593A97B78F66DBF6AE268186273840806ED06D6F7877444D32FDCA031A9F0DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):84760
                                                                                                                                                                                                                                        Entropy (8bit):6.5874715807724025
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:RS7z7Sj2u5in5IVfC83zYxzbdK87kW1IACVw7SyrxX:I7z+jum3MJdN7kW1IACVwX
                                                                                                                                                                                                                                        MD5:59D60A559C23202BEB622021AF29E8A9
                                                                                                                                                                                                                                        SHA1:A405F23916833F1B882F37BDBBA2DD799F93EA32
                                                                                                                                                                                                                                        SHA-256:706D4A0C26DD454538926CBB2FF6C64257C3D9BD48C956F7CABD6DEF36FFD13E
                                                                                                                                                                                                                                        SHA-512:2F60E79603CF456B2A14B8254CEC75CE8BE0A28D55A874D4FB23D92D63BBE781ED823AB0F4D13A23DC60C4DF505CBF1DBE1A0A2049B02E4BDEC8D374898002B1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):182784
                                                                                                                                                                                                                                        Entropy (8bit):6.193615170968096
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:YRAMUp3K6YoDssyudy4VcRG+nR3hnW3mjwwOdkS9S7iSSTLkK/jftw3buz:Y6MyK65ssy+MG+LnSUwjD9zSSTLL/jl8
                                                                                                                                                                                                                                        MD5:0572B13646141D0B1A5718E35549577C
                                                                                                                                                                                                                                        SHA1:EEB40363C1F456C1C612D3C7E4923210EAE4CDF7
                                                                                                                                                                                                                                        SHA-256:D8A76D1E31BBD62A482DEA9115FC1A109CB39AF4CF6D1323409175F3C93113A7
                                                                                                                                                                                                                                        SHA-512:67C28432CA8B389ACC26E47EB8C4977FDDD4AF9214819F89DF07FECBC8ED750D5F35807A1B195508DD1D77E2A7A9D7265049DCFBFE7665A7FD1BA45DA1E4E842
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):125208
                                                                                                                                                                                                                                        Entropy (8bit):6.128664719423826
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:DGR936Xz4mHFK0K+bRFOoP+Szlf/EZZBKYyucV6rOoZIALPEA:qQHLK+bvvPNhf/Ei6CoX
                                                                                                                                                                                                                                        MD5:2A834C3738742D45C0A06D40221CC588
                                                                                                                                                                                                                                        SHA1:606705A593631D6767467FB38F9300D7CD04AB3E
                                                                                                                                                                                                                                        SHA-256:F20DFA748B878751EA1C4FE77A230D65212720652B99C4E5577BCE461BBD9089
                                                                                                                                                                                                                                        SHA-512:924235A506CE4D635FA7C2B34E5D8E77EFF73F963E58E29C6EF89DB157BF7BAB587678BB2120D09DA70594926D82D87DBAA5D247E861E331CF591D45EA19A117
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):252696
                                                                                                                                                                                                                                        Entropy (8bit):6.564448148079112
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Agvd9YyMipyD41q8xDiw9qWM53pLW1AQRRRrBoZtcr3:AQ8yryD47hix4orcr3
                                                                                                                                                                                                                                        MD5:F930B7550574446A015BC602D59B0948
                                                                                                                                                                                                                                        SHA1:4EE6FF8019C6C540525BDD2790FC76385CDD6186
                                                                                                                                                                                                                                        SHA-256:3B9AD1D2BC9EC03D37DA86135853DAC73B3FE851B164FE52265564A81EB8C544
                                                                                                                                                                                                                                        SHA-512:10B864975945D6504433554F9FF11B47218CAA00F809C6BCE00F9E4089B862190A4219F659697A4BA5E5C21EDBE1D8D325950921E09371ACC4410469BD9189EE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):65816
                                                                                                                                                                                                                                        Entropy (8bit):6.242741772115205
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:MElYij3wz91lBafLEmIRhtIAOIW7SybpxC:hYZBaTEmghtIAOIWE
                                                                                                                                                                                                                                        MD5:B0262BD89A59A3699BFA75C4DCC3EE06
                                                                                                                                                                                                                                        SHA1:EB658849C646A26572DEA7F6BFC042CB62FB49DC
                                                                                                                                                                                                                                        SHA-256:4ADFBBD6366D9B55D902FC54D2B42E7C8C989A83016ED707BD7A302FC3FC7B67
                                                                                                                                                                                                                                        SHA-512:2E4B214DE3B306E3A16124AF434FF8F5AB832AA3EEB1AA0AA9B49B0ADA0928DCBB05C57909292FBE3B01126F4CD3FE0DAC9CC15EAEA5F3844D6E267865B9F7B1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):159512
                                                                                                                                                                                                                                        Entropy (8bit):6.846323229710623
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Fik7me1FFD+znfF9mNo+Mu6tmxzE41IAZ1Ak:FikSiUNYO+J1E4b
                                                                                                                                                                                                                                        MD5:B71DBE0F137FFBDA6C3A89D5BCBF1017
                                                                                                                                                                                                                                        SHA1:A2E2BDC40FDB83CC625C5B5E8A336CA3F0C29C5F
                                                                                                                                                                                                                                        SHA-256:6216173194B29875E84963CD4DC4752F7CA9493F5B1FD7E4130CA0E411C8AC6A
                                                                                                                                                                                                                                        SHA-512:9A5C7B1E25D8E1B5738F01AEDFD468C1837F1AC8DD4A5B1D24CE86DCAE0DB1C5B20F2FF4280960BC523AEE70B71DB54FD515047CDAF10D21A8BEC3EBD6663358
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):35096
                                                                                                                                                                                                                                        Entropy (8bit):6.461229529356597
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:OgYvrenSE0PXxxQ0zi+mdIAWtd5YiSyviCAMxkEj:vYTQShxQ0zlmdIAWtD7SyKAxv
                                                                                                                                                                                                                                        MD5:4CCBD87D76AF221F24221530F5F035D1
                                                                                                                                                                                                                                        SHA1:D02B989AAAC7657E8B3A70A6EE7758A0B258851B
                                                                                                                                                                                                                                        SHA-256:C7BBCFE2511FD1B71B916A22AD6537D60948FFA7BDE207FEFABEE84EF53CAFB5
                                                                                                                                                                                                                                        SHA-512:34D808ADAC96A66CA434D209F2F151A9640B359B8419DC51BA24477E485685AF10C4596A398A85269E8F03F0FC533645907D7D854733750A35BF6C691DE37799
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):55576
                                                                                                                                                                                                                                        Entropy (8bit):6.342203411267264
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:wXRnts3McbN6w/xzWssXZdR1r3RIAXtI7SyNxQ:IRvcsXZdR1rRIAXtI6
                                                                                                                                                                                                                                        MD5:61193E813A61A545E2D366439C1EE22A
                                                                                                                                                                                                                                        SHA1:F404447B0D9BFF49A7431C41653633C501986D60
                                                                                                                                                                                                                                        SHA-256:C21B50A7BF9DBE1A0768F5030CAC378D58705A9FE1F08D953129332BEB0FBEFC
                                                                                                                                                                                                                                        SHA-512:747E4D5EA1BDF8C1E808579498834E1C24641D434546BFFDFCF326E0DE8D5814504623A3D3729168B0098824C2B8929AFC339674B0D923388B9DAC66F5D9D996
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32536
                                                                                                                                                                                                                                        Entropy (8bit):6.4674944702653665
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:0k+cae6rjp5MoNOfZIAQUM5YiSyvjAMxkEKu:5vSjgoNOfZIAQU27SyLxv
                                                                                                                                                                                                                                        MD5:F3ECA4F0B2C6C17ACE348E06042981A4
                                                                                                                                                                                                                                        SHA1:EB694DDA8FF2FE4CCAE876DC0515A8EFEC40E20E
                                                                                                                                                                                                                                        SHA-256:FB57EE6ADF6E7B11451B6920DDD2FB943DCD9561C9EAE64FDDA27C7ED0BC1B04
                                                                                                                                                                                                                                        SHA-512:604593460666045CA48F63D4B14FA250F9C4B9E5C7E228CC9202E7692C125AACB0018B89FAA562A4197692A9BC3D2382F9E085B305272EE0A39264A2A0F53B75
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):83224
                                                                                                                                                                                                                                        Entropy (8bit):6.338326324626716
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:MUuhDLiJfz76Xl+1ly+uCt9/s+S+pzcHS58/n1IsJHfsZIALwqw7Syraxi:MU6DL4fHdy+uCt9/sT+pzuSQ1IwHfsZS
                                                                                                                                                                                                                                        MD5:9C6283CC17F9D86106B706EC4EA77356
                                                                                                                                                                                                                                        SHA1:AF4F2F52CE6122F340E5EA1F021F98B1FFD6D5B6
                                                                                                                                                                                                                                        SHA-256:5CC62AAC52EDF87916DEB4EBBAD9ABB58A6A3565B32E7544F672ACA305C38027
                                                                                                                                                                                                                                        SHA-512:11FD6F570DD78F8FF00BE645E47472A96DAFFA3253E8BD29183BCCDE3F0746F7E436A106E9A68C57CC05B80A112365441D06CC719D51C906703B428A32C93124
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):124696
                                                                                                                                                                                                                                        Entropy (8bit):6.266006891462829
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:9PfqZRAWgyjwzCO4w5y3DUfUK8PtIAOQMo:oAWgKw2C5iSUv1
                                                                                                                                                                                                                                        MD5:506B13DD3D5892B16857E3E3B8A95AFB
                                                                                                                                                                                                                                        SHA1:42E654B36F1C79000084599D49B862E4E23D75FF
                                                                                                                                                                                                                                        SHA-256:04F645A32B0C58760CC6C71D09224FE90E50409EF5C81D69C85D151DFE65AFF9
                                                                                                                                                                                                                                        SHA-512:A94F0E9F2212E0B89EB0B5C64598B18AF71B59E1297F0F6475FA4674AE56780B1E586B5EB952C8C9FEBAD38C28AFD784273BBF56645DB2C405AFAE6F472FB65C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):177432
                                                                                                                                                                                                                                        Entropy (8bit):5.976892131161338
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:1CRW4ljuyKK8vZktW5No6XfJN54eNWXvM4VRJNI7IM/cbP7RHs3FJZ1IAC7+y:1mfEyKKaZo6XfJ2MSV+JZW
                                                                                                                                                                                                                                        MD5:DDB21BD1ACDE4264754C49842DE7EBC9
                                                                                                                                                                                                                                        SHA1:80252D0E35568E68DED68242D76F2A5D7E00001E
                                                                                                                                                                                                                                        SHA-256:72BB15CD8C14BA008A52D23CDCFC851A9A4BDE13DEEE302A5667C8AD60F94A57
                                                                                                                                                                                                                                        SHA-512:464520ECD1587F5CEDE6219FAAC2C903EE41D0E920BF3C9C270A544B040169DCD17A4E27F6826F480D4021077AB39A6CBBD35EBB3D71672EBB412023BC9E182A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):36632
                                                                                                                                                                                                                                        Entropy (8bit):6.357254511176439
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:6cxnHG7MYGQd0hHdzA77yeu1IACis5YiSyvoAMxkE9:6cxnm7M6dAHdzA77yeu1IACiW7Sy+xx
                                                                                                                                                                                                                                        MD5:C1654EBEBFEEDA425EADE8B77CA96DE5
                                                                                                                                                                                                                                        SHA1:A4A150F1C810077B6E762F689C657227CC4FD257
                                                                                                                                                                                                                                        SHA-256:AA1443A715FBF84A84F39BD89707271FC11A77B597D7324CE86FC5CFA56A63A9
                                                                                                                                                                                                                                        SHA-512:21705B991E75EFD5E59B8431A3B19AE5FCC38A3E7F137A9D52ACD24E7F67D61758E48ABC1C9C0D4314FA02010A1886C15EAD5BCA8DCA1B1D4CCBFC3C589D342E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.608323768366966
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:KFOWWthWzWf9BvVVWQ4mWqyVT/gqnajKsrCS81:uZWthWeN01IlGsrCt
                                                                                                                                                                                                                                        MD5:07EBE4D5CEF3301CCF07430F4C3E32D8
                                                                                                                                                                                                                                        SHA1:3B878B2B2720915773F16DBA6D493DAB0680AC5F
                                                                                                                                                                                                                                        SHA-256:8F8B79150E850ACC92FD6AAB614F6E3759BEA875134A62087D5DD65581E3001F
                                                                                                                                                                                                                                        SHA-512:6C7E4DF62EBAE9934B698F231CF51F54743CF3303CD758573D00F872B8ECC2AF1F556B094503AAE91100189C0D0A93EAF1B7CAFEC677F384A1D7B4FDA2EEE598
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11736
                                                                                                                                                                                                                                        Entropy (8bit):6.6074868843808785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:PUWthW6Wf9BvVVWQ4SWZifvXqnajJ6HNbLet:MWthW3NhXll6HZm
                                                                                                                                                                                                                                        MD5:557405C47613DE66B111D0E2B01F2FDB
                                                                                                                                                                                                                                        SHA1:DE116ED5DE1FFAA900732709E5E4EEF921EAD63C
                                                                                                                                                                                                                                        SHA-256:913EAAA7997A6AEE53574CFFB83F9C9C1700B1D8B46744A5E12D76A1E53376FD
                                                                                                                                                                                                                                        SHA-512:C2B326F555B2B7ACB7849402AC85922880105857C616EF98F7FB4BBBDC2CD7F2AF010F4A747875646FCC272AB8AA4CE290B6E09A9896CE1587E638502BD4BEFB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.622854484071805
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:tlWthWFWf9BvVVWQ4mWIzWLiP+CjAWqnajKsNb7:/WthWANnWLiP+CcWlGsNb7
                                                                                                                                                                                                                                        MD5:624401F31A706B1AE2245EB19264DC7F
                                                                                                                                                                                                                                        SHA1:8D9DEF3750C18DDFC044D5568E3406D5D0FB9285
                                                                                                                                                                                                                                        SHA-256:58A8D69DF60ECBEE776CD9A74B2A32B14BF2B0BD92D527EC5F19502A0D3EB8E9
                                                                                                                                                                                                                                        SHA-512:3353734B556D6EEBC57734827450CE3B34D010E0C033E95A6E60800C0FDA79A1958EBF9053F12054026525D95D24EEC541633186F00F162475CEC19F07A0D817
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.670771733256744
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:1mxD3+HWthWiWf9BvVVWQ4WWuhD7DiqnajKswz3:19HWthWfN/GlGswz3
                                                                                                                                                                                                                                        MD5:2DB5666D3600A4ABCE86BE0099C6B881
                                                                                                                                                                                                                                        SHA1:63D5DDA4CEC0076884BC678C691BDD2A4FA1D906
                                                                                                                                                                                                                                        SHA-256:46079C0A1B660FC187AAFD760707F369D0B60D424D878C57685545A3FCE95819
                                                                                                                                                                                                                                        SHA-512:7C6E1E022DB4217A85A4012C8E4DAEE0A0F987E4FBA8A4C952424EF28E250BAC38B088C242D72B4641157B7CC882161AEFA177765A2E23AFCDC627188A084345
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15328
                                                                                                                                                                                                                                        Entropy (8bit):6.561472518225768
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:RaNYPvVX8rFTsoWthWgWf9BvVVWQ4SWfMaPOoI80Hy5qnajslBE87QyX:HPvVXqWthWlN2WlslEE87Qw
                                                                                                                                                                                                                                        MD5:0F7D418C05128246AFA335A1FB400CB9
                                                                                                                                                                                                                                        SHA1:F6313E371ED5A1DFFE35815CC5D25981184D0368
                                                                                                                                                                                                                                        SHA-256:5C9BC70586AD538B0DF1FCF5D6F1F3527450AE16935AA34BD7EB494B4F1B2DB9
                                                                                                                                                                                                                                        SHA-512:7555D9D3311C8622DF6782748C2186A3738C4807FC58DF2F75E539729FC4069DB23739F391950303F12E0D25DF9F065B4C52E13B2EBB6D417CA4C12CFDECA631
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.638884356866373
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:jlWaWthWAWf9BvVVWQ4WWloprVP+CjAWqnajKsNWqL:jIaWthWFNxtVP+CcWlGsNxL
                                                                                                                                                                                                                                        MD5:5A72A803DF2B425D5AAFF21F0F064011
                                                                                                                                                                                                                                        SHA1:4B31963D981C07A7AB2A0D1A706067C539C55EC5
                                                                                                                                                                                                                                        SHA-256:629E52BA4E2DCA91B10EF7729A1722888E01284EED7DDA6030D0A1EC46C94086
                                                                                                                                                                                                                                        SHA-512:BF44997C405C2BA80100EB0F2FF7304938FC69E4D7AE3EAC52B3C236C3188E80C9F18BDA226B5F4FDE0112320E74C198AD985F9FFD7CEA99ACA22980C39C7F69
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11744
                                                                                                                                                                                                                                        Entropy (8bit):6.744400973311854
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:imdzvQzEWthWwMVDEs3f0DHDsVBIwgmqvrnDD0ADEs3TDL2L4m2grMWaLN5DEs3r:v3WthWyWf9BvVVWQ4SWVVFJqqnajW2y
                                                                                                                                                                                                                                        MD5:721B60B85094851C06D572F0BD5D88CD
                                                                                                                                                                                                                                        SHA1:4D0EE4D717AEB9C35DA8621A545D3E2B9F19B4E7
                                                                                                                                                                                                                                        SHA-256:DAC867476CAA42FF8DF8F5DFE869FFD56A18DADEE17D47889AFB69ED6519AFBF
                                                                                                                                                                                                                                        SHA-512:430A91FCECDE4C8CC4AC7EB9B4C6619243AB244EE88C34C9E93CA918E54BD42B08ACA8EA4475D4C0F5FA95241E4AACB3206CBAE863E92D15528C8E7C9F45601B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11736
                                                                                                                                                                                                                                        Entropy (8bit):6.638488013343178
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:frWthWFWf9BvVVWQ4SWNOfvXqnajJ6H4WJ:frWthWANRXll6H4WJ
                                                                                                                                                                                                                                        MD5:D1DF480505F2D23C0B5C53DF2E0E2A1A
                                                                                                                                                                                                                                        SHA1:207DB9568AFD273E864B05C87282987E7E81D0BA
                                                                                                                                                                                                                                        SHA-256:0B3DFB8554EAD94D5DA7859A12DB353942406F9D1DFE3FAC3D48663C233EA99D
                                                                                                                                                                                                                                        SHA-512:F14239420F5DD84A15FF5FCA2FAD81D0AA9280C566FA581122A018E10EBDF308AC0BF1D3FCFC08634C1058C395C767130C5ABCA55540295C68DF24FFD931CA0A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12256
                                                                                                                                                                                                                                        Entropy (8bit):6.588267640761022
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:txlkWthW2Wf9BvVVWQ4SWBBBuUgxfzfqnaj0OTWv:txlkWthW7NkIrloFv
                                                                                                                                                                                                                                        MD5:73433EBFC9A47ED16EA544DDD308EAF8
                                                                                                                                                                                                                                        SHA1:AC1DA1378DD79762C6619C9A63FD1EBE4D360C6F
                                                                                                                                                                                                                                        SHA-256:C43075B1D2386A8A262DE628C93A65350E52EAE82582B27F879708364B978E29
                                                                                                                                                                                                                                        SHA-512:1C28CC0D3D02D4C308A86E9D0BC2DA88333DFA8C92305EC706F3E389F7BB6D15053040AFD1C4F0AA3383F3549495343A537D09FE882DB6ED12B7507115E5A263
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.678828474114903
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:4TWthWckWf9BvVVWQ4mWQAyUD7DiqnajKswzjdg:4TWthWcRNqGlGswzji
                                                                                                                                                                                                                                        MD5:7C7B61FFA29209B13D2506418746780B
                                                                                                                                                                                                                                        SHA1:08F3A819B5229734D98D58291BE4BFA0BEC8F761
                                                                                                                                                                                                                                        SHA-256:C23FE8D5C3CA89189D11EC8DF983CC144D168CB54D9EAB5D9532767BCB2F1FA3
                                                                                                                                                                                                                                        SHA-512:6E5E3485D980E7E2824665CBFE4F1619B3E61CE3BCBF103979532E2B1C3D22C89F65BCFBDDBB5FE88CDDD096F8FD72D498E8EE35C3C2307BACECC6DEBBC1C97F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.602852377056617
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:Us13vuBL3B5LoWthW7Wf9BvVVWQ4mWgB7OQP+CjAWqnajKsN9arO:Us13vuBL3B2WthWmNVXP+CcWlGsN9P
                                                                                                                                                                                                                                        MD5:6D0550D3A64BD3FD1D1B739133EFB133
                                                                                                                                                                                                                                        SHA1:C7596FDE7EA1C676F0CC679CED8BA810D15A4AFE
                                                                                                                                                                                                                                        SHA-256:F320F9C0463DE641B396CE7561AF995DE32211E144407828B117088CF289DF91
                                                                                                                                                                                                                                        SHA-512:5DA9D490EF54A1129C94CE51349399B9012FC0D4B575AE6C9F1BAFCFCF7F65266F797C539489F882D4AD924C94428B72F5137009A851ECB541FE7FB9DE12FEB2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14800
                                                                                                                                                                                                                                        Entropy (8bit):6.528059454770997
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:On2OMw3zdp3bwjGfue9/0jCRrndbZWWthWdNHhfVlGsSH:/OMwBprwjGfue9/0jCRrndbLEKv
                                                                                                                                                                                                                                        MD5:1ED0B196AB58EDB58FCF84E1739C63CE
                                                                                                                                                                                                                                        SHA1:AC7D6C77629BDEE1DF7E380CC9559E09D51D75B7
                                                                                                                                                                                                                                        SHA-256:8664222823E122FCA724620FD8B72187FC5336C737D891D3CEF85F4F533B8DE2
                                                                                                                                                                                                                                        SHA-512:E1FA7F14F39C97AAA3104F3E13098626B5F7CFD665BA52DCB2312A329639AAF5083A9177E4686D11C4213E28ACC40E2C027988074B6CC13C5016D5C5E9EF897B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.659218747104705
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:2E+tWthWvWf9BvVVWQ4mWxHD7DiqnajKswzGIAf:T+tWthWiNcGlGswzLAf
                                                                                                                                                                                                                                        MD5:721BAEA26A27134792C5CCC613F212B2
                                                                                                                                                                                                                                        SHA1:2A27DCD2436DF656A8264A949D9CE00EAB4E35E8
                                                                                                                                                                                                                                        SHA-256:5D9767D8CCA0FBFD5801BFF2E0C2ADDDD1BAAAA8175543625609ABCE1A9257BD
                                                                                                                                                                                                                                        SHA-512:9FD6058407AA95058ED2FDA9D391B7A35FA99395EC719B83C5116E91C9B448A6D853ECC731D0BDF448D1436382EECC1FA9101F73FA242D826CC13C4FD881D9BD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.739082809754283
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vdWthW8Wf9BvVVWQ4mWG2P+CjAWqnajKsNt:lWthWJNUP+CcWlGsNt
                                                                                                                                                                                                                                        MD5:B3F887142F40CB176B59E58458F8C46D
                                                                                                                                                                                                                                        SHA1:A05948ABA6F58EB99BBAC54FA3ED0338D40CBFAD
                                                                                                                                                                                                                                        SHA-256:8E015CDF2561450ED9A0773BE1159463163C19EAB2B6976155117D16C36519DA
                                                                                                                                                                                                                                        SHA-512:7B762319EC58E3FCB84B215AE142699B766FA9D5A26E1A727572EE6ED4F5D19C859EFB568C0268846B4AA5506422D6DD9B4854DA2C9B419BFEC754F547203F7E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.601112204637961
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:GFPWthW5Wf9BvVVWQ4mWc0ZD7DiqnajKswzczr:GFPWthWsNiGlGswzq
                                                                                                                                                                                                                                        MD5:89F35CB1212A1FD8FBE960795C92D6E8
                                                                                                                                                                                                                                        SHA1:061AE273A75324885DD098EE1FF4246A97E1E60C
                                                                                                                                                                                                                                        SHA-256:058EB7CE88C22D2FF7D3E61E6593CA4E3D6DF449F984BF251D9432665E1517D1
                                                                                                                                                                                                                                        SHA-512:F9E81F1FEAB1535128B16E9FF389BD3DAAAB8D1DABF64270F9E563BE9D370C023DE5D5306DD0DE6D27A5A099E7C073D17499442F058EC1D20B9D37F56BCFE6D2
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14288
                                                                                                                                                                                                                                        Entropy (8bit):6.521808801015781
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:/uUk1Jzb9cKcIzWthWzaWf9BvVVWQ4mWmrcLUVT/gqnajKsrCOV:/bk1JzBcKcIzWthWzXNz1IlGsrCOV
                                                                                                                                                                                                                                        MD5:0C933A4B3C2FCF1F805EDD849428C732
                                                                                                                                                                                                                                        SHA1:B8B19318DBB1D2B7D262527ABD1468D099DE3FB6
                                                                                                                                                                                                                                        SHA-256:A5B733E3DCE21AB62BD4010F151B3578C6F1246DA4A96D51AC60817865648DD3
                                                                                                                                                                                                                                        SHA-512:B25ED54345A5B14E06AA9DADD07B465C14C23225023D7225E04FBD8A439E184A7D43AB40DF80E3F8A3C0F2D5C7A79B402DDC6B9093D0D798E612F4406284E39D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.671157737548847
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:7oDfIeVWthWZWf9BvVVWQ4mWaHvP+CjAWqnajKsNZ:7oDfIeVWthWMNVP+CcWlGsNZ
                                                                                                                                                                                                                                        MD5:7E8B61D27A9D04E28D4DAE0BFA0902ED
                                                                                                                                                                                                                                        SHA1:861A7B31022915F26FB49C79AC357C65782C9F4B
                                                                                                                                                                                                                                        SHA-256:1EF06C600C451E66E744B2CA356B7F4B7B88BA2F52EC7795858D21525848AC8C
                                                                                                                                                                                                                                        SHA-512:1C5B35026937B45BEB76CB8D79334A306342C57A8E36CC15D633458582FC8F7D9AB70ACE7A92144288C6C017F33ECFC20477A04432619B40A21C9CDA8D249F6D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.599056003106114
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:gR7WthWTVWf9BvVVWQ4mWg2a5P+CjAWqnajKsNQbWl:gVWthWkN/P+CcWlGsNMg
                                                                                                                                                                                                                                        MD5:8D12FFD920314B71F2C32614CC124FEC
                                                                                                                                                                                                                                        SHA1:251A98F2C75C2E25FFD0580F90657A3EA7895F30
                                                                                                                                                                                                                                        SHA-256:E63550608DD58040304EA85367E9E0722038BA8E7DC7BF9D91C4D84F0EC65887
                                                                                                                                                                                                                                        SHA-512:5084C739D7DE465A9A78BCDBB8A3BD063B84A68DCFD3C9EF1BFA224C1CC06580E2A2523FD4696CFC48E9FD068A2C44DBC794DD9BDB43DC74B4E854C82ECD3EA5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.602527553095181
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:zGeVfcWthW+Wf9BvVVWQ4mWMiSID7DiqnajKswz5g:zGeVfcWthWjN6SIGlGswza
                                                                                                                                                                                                                                        MD5:9FA3FC24186D912B0694A572847D6D74
                                                                                                                                                                                                                                        SHA1:93184E00CBDDACAB7F2AD78447D0EAC1B764114D
                                                                                                                                                                                                                                        SHA-256:91508AB353B90B30FF2551020E9755D7AB0E860308F16C2F6417DFB2E9A75014
                                                                                                                                                                                                                                        SHA-512:95AD31C9082F57EA57F5B4C605331FCAD62735A1862AFB01EF8A67FEA4E450154C1AE0C411CF3AC5B9CD35741F8100409CC1910F69C1B2D807D252389812F594
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.6806369134652055
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:qyMv0WthWPWf9BvVVWQ4mWIv/r+YVqnajKsSF:qyMv0WthWCNBfVlGsSF
                                                                                                                                                                                                                                        MD5:C9CBAD5632D4D42A1BC25CCFA8833601
                                                                                                                                                                                                                                        SHA1:09F37353A89F1BFE49F7508559DA2922B8EFEB05
                                                                                                                                                                                                                                        SHA-256:F3A7A9C98EBE915B1B57C16E27FFFD4DDF31A82F0F21C06FE292878E48F5883E
                                                                                                                                                                                                                                        SHA-512:2412E0AFFDC6DB069DE7BD9666B7BAA1CD76AA8D976C9649A4C2F1FFCE27F8269C9B02DA5FD486EC86B54231B1A5EBF6A1C72790815B7C253FEE1F211086892F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13776
                                                                                                                                                                                                                                        Entropy (8bit):6.573983778839785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:miwidv3V0dfpkXc0vVauzIWthWLN3fVlGsStY:nHdv3VqpkXc0vVaKbiYlY
                                                                                                                                                                                                                                        MD5:4CCDE2D1681217E282996E27F3D9ED2E
                                                                                                                                                                                                                                        SHA1:8EDA134B0294ED35E4BBAC4911DA620301A3F34D
                                                                                                                                                                                                                                        SHA-256:D6708D1254ED88A948871771D6D1296945E1AA3AEB7E33E16CC378F396C61045
                                                                                                                                                                                                                                        SHA-512:93FE6AE9A947AC88CC5ED78996E555700340E110D12B2651F11956DB7CEE66322C269717D31FCCB31744F4C572A455B156B368F08B70EDA9EFFEC6DE01DBAB23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.7137872023984055
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:TtZ3KjWthWzWf9BvVVWQ4mWXU0P+CjAWqnajKsN2v:TtZ3KjWthWeNwP+CcWlGsNa
                                                                                                                                                                                                                                        MD5:E86CFC5E1147C25972A5EEFED7BE989F
                                                                                                                                                                                                                                        SHA1:0075091C0B1F2809393C5B8B5921586BDD389B29
                                                                                                                                                                                                                                        SHA-256:72C639D1AFDA32A65143BCBE016FE5D8B46D17924F5F5190EB04EFE954C1199A
                                                                                                                                                                                                                                        SHA-512:EA58A8D5AA587B7F5BDE74B4D394921902412617100ED161A7E0BEF6B3C91C5DAE657065EA7805A152DD76992997017E070F5415EF120812B0D61A401AA8C110
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12768
                                                                                                                                                                                                                                        Entropy (8bit):6.614330511483598
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vgdKIMFYJWthW2Wf9BvVVWQ4SW2zZ7uUgxfzfqnaj0OGWh:0hJWthW7NBzIrloYh
                                                                                                                                                                                                                                        MD5:206ADCB409A1C9A026F7AFDFC2933202
                                                                                                                                                                                                                                        SHA1:BB67E1232A536A4D1AE63370BD1A9B5431335E77
                                                                                                                                                                                                                                        SHA-256:76D8E4ED946DEEFEEFA0D0012C276F0B61F3D1C84AF00533F4931546CBB2F99E
                                                                                                                                                                                                                                        SHA-512:727AA0C4CD1A0B7E2AFFDCED5DA3A0E898E9BAE3C731FF804406AD13864CEE2B27E5BAAC653BAB9A0D2D961489915D4FCAD18557D4383ECB0A066902276955A7
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.704366348384627
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:Ha2WthWKOWf9BvVVWQ4mWNOrVT/gqnajKsrCkb:Ha2WthWKTNz1IlGsrCo
                                                                                                                                                                                                                                        MD5:91A2AE3C4EB79CF748E15A58108409AD
                                                                                                                                                                                                                                        SHA1:D402B9DF99723EA26A141BFC640D78EAF0B0111B
                                                                                                                                                                                                                                        SHA-256:B0EDA99EABD32FEFECC478FD9FE7439A3F646A864FDAB4EC3C1F18574B5F8B34
                                                                                                                                                                                                                                        SHA-512:8527AF610C1E2101B6F336A142B1A85AC9C19BB3AF4AD4A245CFB6FD602DC185DA0F7803358067099475102F3A8F10A834DC75B56D3E6DED2ED833C00AD217ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11728
                                                                                                                                                                                                                                        Entropy (8bit):6.623077637622405
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:jWthWYWf9BvVVWQ4mWd8l1P+CjAWqnajKsNeCw:jWthW9NnP+CcWlGsNex
                                                                                                                                                                                                                                        MD5:1E4C4C8E643DE249401E954488744997
                                                                                                                                                                                                                                        SHA1:DB1C4C0FC907100F204B21474E8CD2DB0135BC61
                                                                                                                                                                                                                                        SHA-256:F28A8FE2CD7E8E00B6D2EC273C16DB6E6EEA9B6B16F7F69887154B6228AF981E
                                                                                                                                                                                                                                        SHA-512:EF8411FD321C0E363C2E5742312CC566E616D4B0A65EFF4FB6F1B22FDBEA3410E1D75B99E889939FF70AD4629C84CEDC88F6794896428C5F0355143443FDC3A3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.643812426159955
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:fSWthWvWf9BvVVWQ4mWFl5P+CjAWqnajKsNifl:aWthWiN+5P+CcWlGsNiN
                                                                                                                                                                                                                                        MD5:FA770BCD70208A479BDE8086D02C22DA
                                                                                                                                                                                                                                        SHA1:28EE5F3CE3732A55CA60AEE781212F117C6F3B26
                                                                                                                                                                                                                                        SHA-256:E677497C1BAEFFFB33A17D22A99B76B7FA7AE7A0C84E12FDA27D9BE5C3D104CF
                                                                                                                                                                                                                                        SHA-512:F8D81E350CEBDBA5AFB579A072BAD7986691E9F3D4C9FEBCA8756B807301782EE6EB5BA16B045CFA29B6E4F4696E0554C718D36D4E64431F46D1E4B1F42DC2B8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15824
                                                                                                                                                                                                                                        Entropy (8bit):6.438848882089563
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:yjQ/w8u4cyNWthWYWf9BvVVWQ4mWhu1BVT/gqnajKsrC74m:8yNWthW9Np1IlGsrCEm
                                                                                                                                                                                                                                        MD5:4EC4790281017E616AF632DA1DC624E1
                                                                                                                                                                                                                                        SHA1:342B15C5D3E34AB4AC0B9904B95D0D5B074447B7
                                                                                                                                                                                                                                        SHA-256:5CF5BBB861608131B5F560CBF34A3292C80886B7C75357ACC779E0BF98E16639
                                                                                                                                                                                                                                        SHA-512:80C4E20D37EFF29C7577B2D0ED67539A9C2C228EDB48AB05D72648A6ED38F5FF537715C130342BEB0E3EF16EB11179B9B484303354A026BDA3A86D5414D24E69
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.6061629057490245
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:vWOPWthWAWf9BvVVWQ4mWWbgftmP+CjAWqnajKsNURPblh:BWthWFN+f8P+CcWlGsNURzv
                                                                                                                                                                                                                                        MD5:7A859E91FDCF78A584AC93AA85371BC9
                                                                                                                                                                                                                                        SHA1:1FA9D9CAD7CC26808E697373C1F5F32AAF59D6B7
                                                                                                                                                                                                                                        SHA-256:B7EE468F5B6C650DADA7DB3AD9E115A0E97135B3DF095C3220DFD22BA277B607
                                                                                                                                                                                                                                        SHA-512:A368F21ECA765AFCA86E03D59CF953500770F4A5BFF8B86B2AC53F1B5174C627E061CE9A1F781DC56506774E0D0B09725E9698D4DC2D3A59E93DA7EF3D900887
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13776
                                                                                                                                                                                                                                        Entropy (8bit):6.65347762698107
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:WxSnWlC0i5ClWthWTWf9BvVVWQ4mW+hkKVT/gqnajKsrCw/:WxSnWm5ClWthW+NkK1IlGsrCY
                                                                                                                                                                                                                                        MD5:972544ADE7E32BFDEB28B39BC734CDEE
                                                                                                                                                                                                                                        SHA1:87816F4AFABBDEC0EC2CFEB417748398505C5AA9
                                                                                                                                                                                                                                        SHA-256:7102F8D9D0F3F689129D7FE071B234077FBA4DD3687071D1E2AEAA137B123F86
                                                                                                                                                                                                                                        SHA-512:5E1131B405E0C7A255B1C51073AFF99E2D5C0D28FD3E55CABC04D463758A575A954008EA1BA5B4E2B345B49AF448B93AD21DFC4A01573B3CB6E7256D9ECCEEF1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.58394079658593
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:YFY17aFBRQWthWIWf9BvVVWQ4mWHhOP+CjAWqnajKsNngJ:YQtWthWNNdP+CcWlGsNI
                                                                                                                                                                                                                                        MD5:8906279245F7385B189A6B0B67DF2D7C
                                                                                                                                                                                                                                        SHA1:FCF03D9043A2DAAFE8E28DEE0B130513677227E4
                                                                                                                                                                                                                                        SHA-256:F5183B8D7462C01031992267FE85680AB9C5B279BEDC0B25AB219F7C2184766F
                                                                                                                                                                                                                                        SHA-512:67CAC89AE58CC715976107F3BDF279B1E78945AFD07E6F657E076D78E92EE1A98E3E7B8FEAE295AF5CE35E00C804F3F53A890895BADB1EED32377D85C21672B9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.696904963591775
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:m8qWthWLWf9BvVVWQ4WWLXlyBZr+YVqnajKsS1:mlWthWWN0uZfVlGsS1
                                                                                                                                                                                                                                        MD5:DD8176E132EEDEA3322443046AC35CA2
                                                                                                                                                                                                                                        SHA1:D13587C7CC52B2C6FBCAA548C8ED2C771A260769
                                                                                                                                                                                                                                        SHA-256:2EB96422375F1A7B687115B132A4005D2E7D3D5DC091FB0EB22A6471E712848E
                                                                                                                                                                                                                                        SHA-512:77CB8C44C8CC8DD29997FBA4424407579AC91176482DB3CF7BC37E1F9F6AA4C4F5BA14862D2F3A9C05D1FDD7CA5A043B5F566BD0E9A9E1ED837DA9C11803B253
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):20944
                                                                                                                                                                                                                                        Entropy (8bit):6.216554714002396
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:rQM4Oe59Ckb1hgmLRWthW0N0JBJ1IlGsrC5W:sMq59Bb1jYNABHJc
                                                                                                                                                                                                                                        MD5:A6A3D6D11D623E16866F38185853FACD
                                                                                                                                                                                                                                        SHA1:FBEADD1E9016908ECCE5753DE1D435D6FCF3D0B5
                                                                                                                                                                                                                                        SHA-256:A768339F0B03674735404248A039EC8591FCBA6FF61A3C6812414537BADD23B0
                                                                                                                                                                                                                                        SHA-512:ABBF32CEB35E5EC6C1562F9F3B2652B96B7DBD97BFC08D918F987C0EC0503E8390DD697476B2A2389F0172CD8CF16029FD2EC5F32A9BA3688BF2EBEEFB081B2C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12752
                                                                                                                                                                                                                                        Entropy (8bit):6.604643094751227
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:uFdyqjd7NWthWxWf9BvVVWQ4mW+JZD7DiqnajKswzR1:YQsWthWkNfZGlGswzR1
                                                                                                                                                                                                                                        MD5:074B81A625FB68159431BB556D28FAB5
                                                                                                                                                                                                                                        SHA1:20F8EAD66D548CFA861BC366BB1250CED165BE24
                                                                                                                                                                                                                                        SHA-256:3AF38920E767BD9EBC08F88EAF2D08C748A267C7EC60EAB41C49B3F282A4CF65
                                                                                                                                                                                                                                        SHA-512:36388C3EFFA0D94CF626DECAA1DA427801CC5607A2106ABDADF92252C6F6FD2CE5BF0802F5D0A4245A1FFDB4481464C99D60510CF95E83EBAF17BD3D6ACBC3DC
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16336
                                                                                                                                                                                                                                        Entropy (8bit):6.449023660091811
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:eUW9MPrpJhhf4AN5/KihWthWBWf9BvVVWQ4mWRXwsD7DiqnajKswzK:eUZr7HWthWUNkGlGswzK
                                                                                                                                                                                                                                        MD5:F1A23C251FCBB7041496352EC9BCFFBE
                                                                                                                                                                                                                                        SHA1:BE4A00642EC82465BC7B3D0CC07D4E8DF72094E8
                                                                                                                                                                                                                                        SHA-256:D899C2F061952B3B97AB9CDBCA2450290B0F005909DDD243ED0F4C511D32C198
                                                                                                                                                                                                                                        SHA-512:31F8C5CD3B6E153073E2E2EDF0CA8072D0F787784F1611A57219349C1D57D6798A3ADBD6942B0F16CEF781634DD8691A5EC0B506DF21B24CB70AEE5523A03FD9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17872
                                                                                                                                                                                                                                        Entropy (8bit):6.3934828478655685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:hA2uWYFxEpahDWthWDWf9BvVVWQ4mWR3ir+YVqnajKsSO:hIFVhDWthWONlfVlGsSO
                                                                                                                                                                                                                                        MD5:55B2EB7F17F82B2096E94BCA9D2DB901
                                                                                                                                                                                                                                        SHA1:44D85F1B1134EE7A609165E9C142188C0F0B17E0
                                                                                                                                                                                                                                        SHA-256:F9D3F380023A4C45E74170FE69B32BCA506EE1E1FBE670D965D5B50C616DA0CB
                                                                                                                                                                                                                                        SHA-512:0CF0770F5965A83F546253DECFA967D8F85C340B5F6EA220D3CAA14245F3CDB37C53BF8D3DA6C35297B22A3FA88E7621202634F6B3649D7D9C166A221D3456A5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18384
                                                                                                                                                                                                                                        Entropy (8bit):6.279474608881223
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:jvEvevdv8vPozmVx0C5yguNvZ5VQgx3SbwA7yMVIkFGlPWthWXNjqujGlGswz7:2ozmT5yguNvZ5VQgx3SbwA71IkFFaJft
                                                                                                                                                                                                                                        MD5:9B79965F06FD756A5EFDE11E8D373108
                                                                                                                                                                                                                                        SHA1:3B9DE8BF6B912F19F7742AD34A875CBE2B5FFA50
                                                                                                                                                                                                                                        SHA-256:1A916C0DB285DEB02C0B9DF4D08DAD5EA95700A6A812EA067BD637A91101A9F6
                                                                                                                                                                                                                                        SHA-512:7D4155C00D65C3554E90575178A80D20DC7C80D543C4B5C4C3F508F0811482515638FE513E291B82F958B4D7A63C9876BE4E368557B07FF062961197ED4286FB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14288
                                                                                                                                                                                                                                        Entropy (8bit):6.547753630184197
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ENDCWthWHWf9BvVVWQ4mWG5xqcVT/gqnajKsrC/V:TWthW6N/xqc1IlGsrC/V
                                                                                                                                                                                                                                        MD5:1D48A3189A55B632798F0E859628B0FB
                                                                                                                                                                                                                                        SHA1:61569A8E4F37ADC353986D83EFC90DC043CDC673
                                                                                                                                                                                                                                        SHA-256:B56BC94E8539603DD2F0FEA2F25EFD17966315067442507DB4BFFAFCBC2955B0
                                                                                                                                                                                                                                        SHA-512:47F329102B703BFBB1EBAEB5203D1C8404A0C912019193C93D150A95BB0C5BA8DC101AC56D3283285F9F91239FC64A66A5357AFE428A919B0BE7194BADA1F64F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):12240
                                                                                                                                                                                                                                        Entropy (8bit):6.686357863452704
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:ZjfHQdufWthWCWf9BvVVWQ4mWMlUteSP+CjAWqnajKsN0c:ZfZWthW/Nd4P+CcWlGsN0c
                                                                                                                                                                                                                                        MD5:DBC27D384679916BA76316FB5E972EA6
                                                                                                                                                                                                                                        SHA1:FB9F021F2220C852F6FF4EA94E8577368F0616A4
                                                                                                                                                                                                                                        SHA-256:DD14133ADF5C534539298422F6C4B52739F80ACA8C5A85CA8C966DEA9964CEB1
                                                                                                                                                                                                                                        SHA-512:CC0D8C56749CCB9D007B6D3F5C4A8F1D4E368BB81446EBCD7CC7B40399BBD56D0ACABA588CA172ECB7472A8CBDDBD4C366FFA38094A832F6D7E343B813BA565E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1332263
                                                                                                                                                                                                                                        Entropy (8bit):5.5864676354018465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:uttcY+bStOmgRF1+fYNXPh26UZWAzCu7joqYnhjHgkVHdmmPnHz1dG6sF7aYceM:uttcY+UHCiCAd+cqHdmmPHzvwaYceM
                                                                                                                                                                                                                                        MD5:630153AC2B37B16B8C5B0DBB69A3B9D6
                                                                                                                                                                                                                                        SHA1:F901CD701FE081489B45D18157B4A15C83943D9D
                                                                                                                                                                                                                                        SHA-256:EC4E6B8E9F6F1F4B525AF72D3A6827807C7A81978CB03DB5767028EBEA283BE2
                                                                                                                                                                                                                                        SHA-512:7E3A434C8DF80D32E66036D831CBD6661641C0898BD0838A07038B460261BF25B72A626DEF06D0FAA692CAF64412CA699B1FA7A848FE9D969756E097CBA39E41
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):290282
                                                                                                                                                                                                                                        Entropy (8bit):6.048183244201235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:QW1H/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5Np:QWN/TRJLWURrI55MWavdF0L
                                                                                                                                                                                                                                        MD5:302B49C5F476C0AE35571430BB2E4AA0
                                                                                                                                                                                                                                        SHA1:35A7837A3F1B960807BF46B1C95EC22792262846
                                                                                                                                                                                                                                        SHA-256:CF9D37FA81407AFE11DCC0D70FE602561422AA2344708C324E4504DB8C6C5748
                                                                                                                                                                                                                                        SHA-512:1345AF52984B570B1FF223032575FEB36CDFB4F38E75E0BD3B998BC46E9C646F7AC5C583D23A70460219299B9C04875EF672BF5A0D614618731DF9B7A5637D0A
                                                                                                                                                                                                                                        Malicious:false
Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10752
                                                                                                                                                                                                                                        Entropy (8bit):4.674392865869017
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:KGUmje72HzA5iJGhU2Y0hQMsQJCUCLsZEA4elh3XQMtCFXiHBpv9cX6gTim1qeSC:rjQ2HzzU2bRYoe1HH9cqgTimoe
                                                                                                                                                                                                                                        MD5:D9E0217A89D9B9D1D778F7E197E0C191
                                                                                                                                                                                                                                        SHA1:EC692661FCC0B89E0C3BDE1773A6168D285B4F0D
                                                                                                                                                                                                                                        SHA-256:ECF12E2C0A00C0ED4E2343EA956D78EED55E5A36BA49773633B2DFE7B04335C0
                                                                                                                                                                                                                                        SHA-512:3B788AC88C1F2D682C1721C61D223A529697C7E43280686B914467B3B39E7D6DEBAFF4C0E2F42E9DDDB28B522F37CB5A3011E91C66D911609C63509F9228133D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):122880
                                                                                                                                                                                                                                        Entropy (8bit):5.917175475547778
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bA3W6Fck6/g5DzNa4cMy/dzpd1dhdMdJGFEr6/vD:MW6NzcMy/d13FErgvD
                                                                                                                                                                                                                                        MD5:BF9A9DA1CF3C98346002648C3EAE6DCF
                                                                                                                                                                                                                                        SHA1:DB16C09FDC1722631A7A9C465BFE173D94EB5D8B
                                                                                                                                                                                                                                        SHA-256:4107B1D6F11D842074A9F21323290BBE97E8EED4AA778FBC348EE09CC4FA4637
                                                                                                                                                                                                                                        SHA-512:7371407D12E632FC8FB031393838D36E6A1FE1E978CED36FF750D84E183CDE6DD20F75074F4597742C9F8D6F87AF12794C589D596A81B920C6C62EE2BA2E5654
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4
                                                                                                                                                                                                                                        Entropy (8bit):1.5
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Mn:M
                                                                                                                                                                                                                                        MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                        SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                        SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                        SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:pip.
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):197
                                                                                                                                                                                                                                        Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                        MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                        SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                        SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                        SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):11360
                                                                                                                                                                                                                                        Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                        MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                        SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                        SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                        SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1532
                                                                                                                                                                                                                                        Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                        MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                        SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                        SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                        SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5292
                                                                                                                                                                                                                                        Entropy (8bit):5.115440205505611
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:DxapqZink/QIHQIyzQIZQILuQIR8vtklGovxNx6sWwCvCCcTKvIrrg9BMM6VwDjz:sJnkoBs/sqLz8cTKvIrrUiM6VwDjyeWs
                                                                                                                                                                                                                                        MD5:137D13F917D94C83137A0FA5AE12B467
                                                                                                                                                                                                                                        SHA1:01E93402C225BF2A4EE59F9A06F8062CB5E4801E
                                                                                                                                                                                                                                        SHA-256:36738E6971D2F20DB78433185A0EF7912A48544AA6FF7006505A7DC785158859
                                                                                                                                                                                                                                        SHA-512:1B22CBC6E22FA5E2BD5CC4A370443A342D00E7DD53330A4000E9A680DE80262BCA7188764E3568944D01025188291602AC8C53C971630984FBD9FA7D75AAB124
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Metadata-Version: 2.1..Name: cryptography..Version: 41.0.7..Summary: cryptography is a package which provides cryptographic recipes and primitives to Python developers...Author-email: The Python Cryptographic Authority and individual contributors <cryptography-dev@python.org>..License: Apache-2.0 OR BSD-3-Clause..Project-URL: homepage, https://github.com/pyca/cryptography..Project-URL: documentation, https://cryptography.io/..Project-URL: source, https://github.com/pyca/cryptography/..Project-URL: issues, https://github.com/pyca/cryptography/issues..Project-URL: changelog, https://cryptography.io/en/latest/changelog/..Classifier: Development Status :: 5 - Production/Stable..Classifier: Intended Audience :: Developers..Classifier: License :: OSI Approved :: Apache Software License..Classifier: License :: OSI Approved :: BSD License..Classifier: Natural Language :: English..Classifier: Operating System :: MacOS :: MacOS X..Classifier: Operating System :: POSIX..Classifier: Operating Syst
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:CSV text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15334
                                                                                                                                                                                                                                        Entropy (8bit):5.552806309785179
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:3X62U/ZfaigdSwJN5i6s7B0Ppzx6uvndLE4:3NUxfzgFthE4
                                                                                                                                                                                                                                        MD5:D88787EC6163B4F45579EA7CF7F56044
                                                                                                                                                                                                                                        SHA1:B241754AF16F5B2523DE1D07520DADB5ABA559BA
                                                                                                                                                                                                                                        SHA-256:E5265DE4206BAB1FB0C96212067AA1EB479C85AB0495B915938DDB365B0C948D
                                                                                                                                                                                                                                        SHA-512:F4F1C213458AC42A3417A870F7C6D2A125950F588C76F8A83D605242ABBDBCC2CBE70CA49A700710AA23AC143F2702963DEA48043C5CA86FBF0D3CE07126C696
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:cryptography-41.0.7.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-41.0.7.dist-info/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-41.0.7.dist-info/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-41.0.7.dist-info/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography-41.0.7.dist-info/METADATA,sha256=NnOOaXHS8g23hDMYWg73kSpIVEqm_3AGUFp9x4UViFk,5292..cryptography-41.0.7.dist-info/RECORD,,..cryptography-41.0.7.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-41.0.7.dist-info/WHEEL,sha256=-EX5DQzNGQEoyL99Q-0P0-D-CXbfqafenaAeiSQ_Ufk,100..cryptography-41.0.7.dist-info/top_level.txt,sha256=KNaT-Sn2K4uxNaEbe6mYdDn3qWDMlp4y-MtWfB73nJc,13..cryptography/__about__.py,sha256=uPXMbbcptt7EzZ_jllGRx0pVdMn-NBsAM4L74hOv-b0,445..cryptography/__init__.py,sha256=iVPlBlXWTJyiFeRedxcbMPhyHB34viOM10d72vGnWuE,364..cryptography/__pycache__/_
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):100
                                                                                                                                                                                                                                        Entropy (8bit):5.0203365408149025
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:RtEeX7MWcSlVlbY3KgP+tkKc/SKQLn:RtBMwlVCxWKxDQLn
                                                                                                                                                                                                                                        MD5:4B432A99682DE414B29A683A3546B69F
                                                                                                                                                                                                                                        SHA1:F59C5016889EE5E9F62D09B22AEFBC2211A56C93
                                                                                                                                                                                                                                        SHA-256:F845F90D0CCD190128C8BF7D43ED0FD3E0FE0976DFA9A7DE9DA01E89243F51F9
                                                                                                                                                                                                                                        SHA-512:CBBF10E19B6F4072C416EA95D7AE259B9C5A1B89068B7B6660B7C637D6F2437AEA8D8202A2E26A0BEC36DAECD8BBB6B59016FC2DDEB13C545F0868B3E15479CA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.42.0).Root-Is-Purelib: false.Tag: cp37-abi3-win_amd64..
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                        Entropy (8bit):3.2389012566026314
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:cOv:Nv
                                                                                                                                                                                                                                        MD5:E7274BD06FF93210298E7117D11EA631
                                                                                                                                                                                                                                        SHA1:7132C9EC1FD99924D658CC672F3AFE98AFEFAB8A
                                                                                                                                                                                                                                        SHA-256:28D693F929F62B8BB135A11B7BA9987439F7A960CC969E32F8CB567C1EF79C97
                                                                                                                                                                                                                                        SHA-512:AA6021C4E60A6382630BEBC1E16944F9B312359D645FC61219E9A3F19D876FD600E07DCA6932DCD7A1E15BFDEAC7DBDCEB9FFFCD5CA0E5377B82268ED19DE225
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:cryptography.
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6673920
                                                                                                                                                                                                                                        Entropy (8bit):6.582002531606852
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:EzN+T+xtLlk0PPMAiGoTzeDy3x8lGBlWi9Nk:E5Y6Jk0PPMtfTzp3x8c
                                                                                                                                                                                                                                        MD5:486085AAC7BB246A173CEEA0879230AF
                                                                                                                                                                                                                                        SHA1:EF1095843B2A9C6D8285C7D9E8E334A9CE812FAE
                                                                                                                                                                                                                                        SHA-256:C3964FC08E4CA8BC193F131DEF6CC4B4724B18073AA0E12FED8B87C2E627DC83
                                                                                                                                                                                                                                        SHA-512:8A56774A08DA0AB9DD561D21FEBEEBC23A5DEA6F63D5638EA1B608CD923B857DF1F096262865E6EBD56B13EFD3BBA8D714FFDCE8316293229974532C49136460
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5191960
                                                                                                                                                                                                                                        Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                                        MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                                        SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                                        SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                                        SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):39696
                                                                                                                                                                                                                                        Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                        MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                        SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                        SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                        SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):787224
                                                                                                                                                                                                                                        Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                                        MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                                        SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                                        SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                                        SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):67072
                                                                                                                                                                                                                                        Entropy (8bit):5.90551713971002
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:ZhseNxkc7Xva0Y420G1UD+dS4gBeLmRy:Z1kcbi0Y42bUD+dS4oeiRy
                                                                                                                                                                                                                                        MD5:01F9D30DD889A3519E3CA93FE6EFEE70
                                                                                                                                                                                                                                        SHA1:EBF55ADBD8CD938C4C11D076203A3E54D995AEFF
                                                                                                                                                                                                                                        SHA-256:A66444A08A8B9CEAFA05DAEFEB32AA1E65C8009A3C480599F648FA52A20AFB7D
                                                                                                                                                                                                                                        SHA-512:76FED302D62BB38A39E0BF6C9038730E83B6AFFFA2F36E7A62B85770D4847EA6C688098061945509A1FDB799FB7F5C88699F94E7DA1934F88A9C3B6A433EE9EF
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):199448
                                                                                                                                                                                                                                        Entropy (8bit):6.385263095268062
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:gP9/HQAYp/8IdzL37lqrEJesY7p7Ndrjt8HWcFwUT6ZIALhNn6:opFYp/vdzL3pqrEJ2xDrJ8DdT6A
                                                                                                                                                                                                                                        MD5:F179C9BDD86A2A218A5BF9F0F1CF6CD9
                                                                                                                                                                                                                                        SHA1:4544FB23D56CC76338E7F71F12F58C5FE89D0D76
                                                                                                                                                                                                                                        SHA-256:C42874E2CF034FB5034F0BE35F7592B8A96E8903218DA42E6650C504A85B37CC
                                                                                                                                                                                                                                        SHA-512:3464ECE5C6A0E95EF6136897B70A96C69E552D28BFEDD266F13EEC840E36EC2286A1FB8973B212317DE6FE3E93D7D7CC782EB6FC3D6A2A8F006B34F6443498DE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):68376
                                                                                                                                                                                                                                        Entropy (8bit):6.14896460878624
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:LV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/u:LDmF61JFn+/OHZIAL0R7SyHxy
                                                                                                                                                                                                                                        MD5:6271A2FE61978CA93E60588B6B63DEB2
                                                                                                                                                                                                                                        SHA1:BE26455750789083865FE91E2B7A1BA1B457EFB8
                                                                                                                                                                                                                                        SHA-256:A59487EA2C8723277F4579067248836B216A801C2152EFB19AFEE4AC9785D6FB
                                                                                                                                                                                                                                        SHA-512:8C32BCB500A94FF47F5EF476AE65D3B677938EBEE26E80350F28604AAEE20B044A5D55442E94A11CCD9962F34D22610B932AC9D328197CF4D2FFBC7DF640EFBA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):7009048
                                                                                                                                                                                                                                        Entropy (8bit):5.7826778751744685
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:mz0oCxOqKWneF3o1VLCClOTNRpaOviXEYWyb3eOYTvuFsx/iac84YNFXiTlv5WF4:mooCcqKLHX+az2Ro8Kv7HDMiEB/
                                                                                                                                                                                                                                        MD5:550288A078DFFC3430C08DA888E70810
                                                                                                                                                                                                                                        SHA1:01B1D31F37FB3FD81D893CC5E4A258E976F5884F
                                                                                                                                                                                                                                        SHA-256:789A42AC160CEF98F8925CB347473EEEB4E70F5513242E7FABA5139BA06EDF2D
                                                                                                                                                                                                                                        SHA-512:7244432FC3716F7EF27630D4E8FBC8180A2542AA97A01D44DCA260AB43966DD8AC98B6023400B0478A4809AACE1A128F1F4D6E544F2E591A5B436FD4C8A9D723
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):134656
                                                                                                                                                                                                                                        Entropy (8bit):5.9953900911096785
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Yuh2G0a2fYrFceQaVK756Y/r06trvoEKQAe7KL8KJKVKGajt4:Yuh2faiYrFceQaVfY/rxTBAe7KwKwVrE
                                                                                                                                                                                                                                        MD5:26D752C8896B324FFD12827A5E4B2808
                                                                                                                                                                                                                                        SHA1:447979FA03F78CB7210A4E4BA365085AB2F42C22
                                                                                                                                                                                                                                        SHA-256:BD33548DBDBB178873BE92901B282BAD9C6817E3EAC154CA50A666D5753FD7EC
                                                                                                                                                                                                                                        SHA-512:99C87AB9920E79A03169B29A2F838D568CA4D4056B54A67BC51CAF5C0FF5A4897ED02533BA504F884C6F983EBC400743E6AD52AC451821385B1E25C3B1EBCEE0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):30488
                                                                                                                                                                                                                                        Entropy (8bit):6.582548725691534
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:b9yLTFInPLnIdHqp3DT90IZIAQGyHQIYiSy1pCQ273bAM+o/8E9VF0Nypyn4:6inzUHqN1rZIAQGo5YiSyvUrAMxkEjh
                                                                                                                                                                                                                                        MD5:8A273F518973801F3C63D92AD726EC03
                                                                                                                                                                                                                                        SHA1:069FC26B9BD0F6EA3F9B3821AD7C812FD94B021F
                                                                                                                                                                                                                                        SHA-256:AF358285A7450DE6E2E5E7FF074F964D6A257FB41D9EB750146E03C7DDA503CA
                                                                                                                                                                                                                                        SHA-512:7FEDAE0573ECB3946EDE7D0B809A98ACAD3D4C95D6C531A40E51A31BDB035BADC9F416D8AAA26463784FF2C5E7A0CC2C793D62B5FDB2B8E9FAD357F93D3A65F8
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1500440
                                                                                                                                                                                                                                        Entropy (8bit):6.5886408023548295
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:ATqtyGkxOc+wv05tP5kf82Hr/74YPF5o/P/gnAracr7/24UcypY7w0vpZUFq++I:nk0jwv4tP5kf8ar/74EF2/An4acrVUc2
                                                                                                                                                                                                                                        MD5:31CD2695493E9B0669D7361D92D46D94
                                                                                                                                                                                                                                        SHA1:19C1BC5C3856665ECA5390A2F9CD59B564C0139B
                                                                                                                                                                                                                                        SHA-256:17D547994008F1626BE2877497912687CB3EBD9A407396804310FD12C85AEAD4
                                                                                                                                                                                                                                        SHA-512:9DD8D1B900999E8CEA91F3D5F3F72D510F9CC28D7C6768A4046A9D2AA9E78A6ACE1248EC9574F5F6E53A6F1BDBFDF153D9BF73DBA05788625B03398716C87E1C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1035728
                                                                                                                                                                                                                                        Entropy (8bit):6.630126944065657
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:EsKxVJ/pRRK0Y/9fCrl4NbpjONcncXEomxvSZX0yp49C:lKxDPHQCrlQBXxw
                                                                                                                                                                                                                                        MD5:849959A003FA63C5A42AE87929FCD18B
                                                                                                                                                                                                                                        SHA1:D1B80B3265E31A2B5D8D7DA6183146BBD5FB791B
                                                                                                                                                                                                                                        SHA-256:6238CBFE9F57C142B75E153C399C478D492252FDA8CB40EE539C2DCB0F2EB232
                                                                                                                                                                                                                                        SHA-512:64958DABDB94D21B59254C2F074DB5D51E914DDBC8437452115DFF369B0C134E50462C3FDBBC14B6FA809A6EE19AB2FB83D654061601CC175CDDCB7D74778E09
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1137944
                                                                                                                                                                                                                                        Entropy (8bit):5.462202215180296
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:hrEHdcM6hbFCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciFt:hrEXYCjfk7bPNfv42BN6yzUiFt
                                                                                                                                                                                                                                        MD5:04F35D7EEC1F6B72BAB9DAF330FD0D6B
                                                                                                                                                                                                                                        SHA1:ECF0C25BA7ADF7624109E2720F2B5930CD2DBA65
                                                                                                                                                                                                                                        SHA-256:BE942308D99CC954931FE6F48ED8CC7A57891CCBE99AAE728121BCDA1FD929AB
                                                                                                                                                                                                                                        SHA-512:3DA405E4C1371F4B265E744229DCC149491A112A2B7EA8E518D5945F8C259CAD15583F25592B35EC8A344E43007AE00DA9673822635EE734D32664F65C9C8D9B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):133632
                                                                                                                                                                                                                                        Entropy (8bit):5.851293297484796
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bPwB2zC1vwC3XetCf5RlRVFhLaNKPRyymoh5Lm9b0e:bIB2zkvwGXetCfDlRVlPRy85Lm9
                                                                                                                                                                                                                                        MD5:3A80FEA23A007B42CEF8E375FC73AD40
                                                                                                                                                                                                                                        SHA1:04319F7552EA968E2421C3936C3A9EE6F9CF30B2
                                                                                                                                                                                                                                        SHA-256:B70D69D25204381F19378E1BB35CC2B8C8430AA80A983F8D0E8E837050BB06EF
                                                                                                                                                                                                                                        SHA-512:A63BED03F05396B967858902E922B2FBFB4CF517712F91CFAA096FF0539CF300D6B9C659FFEE6BF11C28E79E23115FD6B9C0B1AA95DB1CBD4843487F060CCF40
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):123904
                                                                                                                                                                                                                                        Entropy (8bit):5.966619585818369
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:07jbPA0SD9S3vrCqf93qMHxCjdLZn1Ya:07jtS9SfuCRCjFV
                                                                                                                                                                                                                                        MD5:47C91C74BB2C5CF696626AF04F3705AB
                                                                                                                                                                                                                                        SHA1:C086BC2825969756169FAB7DD2E560D360E1E09C
                                                                                                                                                                                                                                        SHA-256:F6EAD250FC2DE4330BD26079A44DED7F55172E05A70E28AD85D09E7881725155
                                                                                                                                                                                                                                        SHA-512:E6B6A4425B3E30CEA7BF8B09971FA0C84D6317B1A37BC1518266DC8D72C166099A8FC40A9B985300901BD921E444FF438FD30B814C1F1C6A051DF3471615C2BD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Entropy (8bit):7.9966930608758595
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                                        • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                        File name:L5OMdZqWzq.exe
                                                                                                                                                                                                                                        File size:17'568'230 bytes
                                                                                                                                                                                                                                        MD5:c1f933e0605004deceb65e009aa586fb
                                                                                                                                                                                                                                        SHA1:0a2d9b863dd499f88e7d92ec4ea2f3b5e81836d5
                                                                                                                                                                                                                                        SHA256:2f1f7def1fb58a59bcda870b387a7825e2d468250fae590df12ce18264542d83
                                                                                                                                                                                                                                        SHA512:7dcc8d3600c794b8ba4428070c6f389d25fc1d72d7c0f81a0cc77811780ddda42d515bb2d8d9c86b636b54d7c1ec33997be7f33e20a499278b0f8d9e5582d9a4
                                                                                                                                                                                                                                        SSDEEP:393216:5EkZgf8fdntpUTLfhJe1+TtIiFyuvB5IjWqJ6eoWez10GwKXiWCR:5RbFHUTLJE1QtItS3ILJ6e/XG8VR
                                                                                                                                                                                                                                        TLSH:01073306B3502CB1D2D152776266856E6F73B8949370C78F03F922952F9F3624E3AE72
                                                                                                                                                                                                                                        Icon Hash:4a464cd47461e179
                                                                                                                                                                                                                                        Entrypoint:0x14000c1f0
                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x65CBFA9E [Tue Feb 13 23:26:22 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 2
File Version Major: 5
File Version Minor: 2
Subsystem Version Major: 5
Subsystem Version Minor: 2
Import Hash: 1af6c885af093afc55142c2f1761dbe8

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3cdcc | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x46000 | 0xf41c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x42000 | 0x22a4 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0x75c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a330 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3a1f0 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x420 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x29c90 | 0x29e00 | 62616acf257019688180f494b4eb78d4 | False | 0.5523087686567164 | data | 6.4831047330596565 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2b000 | 0x12bf4 | 0x12c00 | a2b91d00ded1c9f64e6503fe8291aa9a | False | 0.5184375 | data | 5.835042430176611 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x3e000 | 0x3338 | 0xe00 | 99d84572872f2ce8d9bdbc2521e1966e | False | 0.1328125 | Matlab v4 mat-file (little endian) f\324\377\3772\242\337-\231+, text, rows 4294967295, columns 0 | 1.8271683819747706 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x42000 | 0x22a4 | 0x2400 | 39f0a7d8241a665fc55289b5f9977819 | False | 0.4720052083333333 | data | 5.316391891279308 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0x45000 | 0x15c | 0x200 | 624222957a635749731104f8cdf6f9b7 | False | 0.38671875 | data | 2.83326547900447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x46000 | 0xf41c | 0xf600 | c654ab5a3bc06ebf8c554f36c31153c0 | False | 0.8030837144308943 | data | 7.554967714213712 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x56000 | 0x75c | 0x800 | 4138d4447f190c2657ec208ef31be551 | False | 0.5458984375 | data | 5.240127521097618 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x46208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.585820895522388 |
| RT_ICON | 0x470b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7360108303249098 |
| RT_ICON | 0x47958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.755057803468208 |
| RT_ICON | 0x47ec0 | 0x952c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9975384937676757 |
| RT_ICON | 0x513ec | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3887966804979253 |
| RT_ICON | 0x53994 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.49530956848030017 |
| RT_ICON | 0x54a3c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.7207446808510638 |
| RT_GROUP_ICON | 0x54ea4 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x54f0c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |
                                                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                                                        USER32.dllCreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
                                                                                                                                                                                                                                        COMCTL32.dll
                                                                                                                                                                                                                                        KERNEL32.dllIsValidCodePage, GetStringTypeW, GetFileAttributesExW, HeapReAlloc, FlushFileBuffers, GetCurrentDirectoryW, GetACP, GetOEMCP, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, CreateSymbolicLinkW, GetProcAddress, GetCommandLineW, GetEnvironmentVariableW, GetCPInfo, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, SetConsoleCtrlHandler, FindClose, FindFirstFileExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, WriteConsoleW, SetEndOfFile, SetEnvironmentVariableW, RtlUnwindEx, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindNextFileW, SetStdHandle, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, 
LCMapStringW
                                                                                                                                                                                                                                        ADVAPI32.dllOpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
                                                                                                                                                                                                                                        GDI32.dllSelectObject, DeleteObject, CreateFontIndirectW
                                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:51.612237930 CET49705443192.168.2.834.224.200.202
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:51.612268925 CET4434970534.224.200.202192.168.2.8
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:51.612386942 CET49705443192.168.2.834.224.200.202
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:53.884138107 CET49705443192.168.2.834.224.200.202
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:53.884179115 CET4434970534.224.200.202192.168.2.8
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:55.620698929 CET4434970534.224.200.202192.168.2.8
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:55.622446060 CET49705443192.168.2.834.224.200.202
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:55.622477055 CET4434970534.224.200.202192.168.2.8
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:55.623938084 CET4434970534.224.200.202192.168.2.8
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:55.624001980 CET49705443192.168.2.834.224.200.202
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:55.625571966 CET49705443192.168.2.834.224.200.202
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:55.625776052 CET4434970534.224.200.202192.168.2.8
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:55.625823975 CET49705443192.168.2.834.224.200.202
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:55.626084089 CET49705443192.168.2.834.224.200.202
                                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:51.469904900 CET6507453192.168.2.81.1.1.1
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:51.607863903 CET53650741.1.1.1192.168.2.8
                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:51.469904900 CET192.168.2.81.1.1.10x29c1Standard query (0)httpbin.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:51.607863903 CET1.1.1.1192.168.2.80x29c1No error (0)httpbin.org34.224.200.202A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 09:56:51.607863903 CET1.1.1.1192.168.2.80x29c1No error (0)httpbin.org44.196.3.45A (IP address)IN (0x0001)false


Target ID: 0
Start time: 03:56:45
Start date: 09/12/2024
Path: C:\Users\user\Desktop\L5OMdZqWzq.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\L5OMdZqWzq.exe"
Imagebase: 0x7ff697560000
File size: 17'568'230 bytes
MD5 hash: C1F933E0605004DECEB65E009AA586FB
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 2
Start time: 03:56:49
Start date: 09/12/2024
Path: C:\Users\user\Desktop\L5OMdZqWzq.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\L5OMdZqWzq.exe"
Imagebase: 0x7ff697560000
File size: 17'568'230 bytes
MD5 hash: C1F933E0605004DECEB65E009AA586FB
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Execution Graph

Execution Coverage: 10.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 18.2%
Total number of Nodes: 2000
Total number of Limit Nodes: 23
15645 7ff69756858d FormatMessageW 15644->15645 15646 7ff697568587 GetLastError 15644->15646 15647 7ff6975685dc WideCharToMultiByte 15645->15647 15648 7ff6975685c0 15645->15648 15646->15645 15650 7ff697568616 15647->15650 15652 7ff6975685d3 15647->15652 15649 7ff6975629e0 54 API calls 15648->15649 15649->15652 15651 7ff6975629e0 54 API calls 15650->15651 15651->15652 15653 7ff69756bcc0 _wfindfirst32i64 8 API calls 15652->15653 15654 7ff697562a5e 15653->15654 15654->15612 15683 7ff69757ab20 15655->15683 15659 7ff69757ae13 15659->15632 15664 7ff697572d8e 15663->15664 15665 7ff697572d7e 15663->15665 15666 7ff697572d97 15664->15666 15670 7ff697572dc5 15664->15670 15667 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15665->15667 15668 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15666->15668 15669 7ff697572dbd 15667->15669 15668->15669 15669->15636 15669->15637 15669->15638 15669->15639 15670->15665 15670->15669 15673 7ff697573074 15670->15673 15775 7ff6975736e0 15670->15775 15801 7ff6975733a8 15670->15801 15831 7ff697572c30 15670->15831 15834 7ff697574900 15670->15834 15675 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15673->15675 15675->15665 15678 7ff69757af40 15677->15678 15679 7ff69757af11 RtlFreeHeap 15677->15679 15678->15632 15679->15678 15680 7ff69757af2c GetLastError 15679->15680 15681 7ff69757af39 Concurrency::details::SchedulerProxy::DeleteThis 15680->15681 15682 7ff6975754c4 _get_daylight 9 API calls 15681->15682 15682->15678 15684 7ff69757ab3c GetLastError 15683->15684 15685 7ff69757ab77 15683->15685 15686 7ff69757ab4c 15684->15686 15685->15659 15689 7ff69757ab8c 15685->15689 15696 7ff69757b950 15686->15696 15690 7ff69757aba8 GetLastError SetLastError 15689->15690 15691 7ff69757abc0 15689->15691 15690->15691 15691->15659 15692 7ff69757aec4 IsProcessorFeaturePresent 15691->15692 15693 7ff69757aed7 15692->15693 15767 7ff69757abd8 15693->15767 15697 7ff69757b98a FlsSetValue 15696->15697 15698 7ff69757b96f FlsGetValue 15696->15698 15699 
7ff69757ab67 SetLastError 15697->15699 15701 7ff69757b997 15697->15701 15698->15699 15700 7ff69757b984 15698->15700 15699->15685 15700->15697 15713 7ff69757f158 15701->15713 15704 7ff69757b9c4 FlsSetValue 15706 7ff69757b9e2 15704->15706 15707 7ff69757b9d0 FlsSetValue 15704->15707 15705 7ff69757b9b4 FlsSetValue 15708 7ff69757b9bd 15705->15708 15720 7ff69757b4b8 15706->15720 15707->15708 15710 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15708->15710 15710->15699 15718 7ff69757f169 _get_daylight 15713->15718 15714 7ff69757f1ba 15728 7ff6975754c4 15714->15728 15715 7ff69757f19e HeapAlloc 15716 7ff69757b9a6 15715->15716 15715->15718 15716->15704 15716->15705 15718->15714 15718->15715 15725 7ff697583c00 15718->15725 15753 7ff69757b390 15720->15753 15731 7ff697583c40 15725->15731 15736 7ff69757b888 GetLastError 15728->15736 15730 7ff6975754cd 15730->15716 15732 7ff697580cb8 _isindst EnterCriticalSection 15731->15732 15733 7ff697583c4d 15732->15733 15734 7ff697580d18 _isindst LeaveCriticalSection 15733->15734 15735 7ff697583c12 15734->15735 15735->15718 15737 7ff69757b8c9 FlsSetValue 15736->15737 15740 7ff69757b8ac 15736->15740 15738 7ff69757b8db 15737->15738 15739 7ff69757b8b9 15737->15739 15742 7ff69757f158 _get_daylight 5 API calls 15738->15742 15741 7ff69757b935 SetLastError 15739->15741 15740->15737 15740->15739 15741->15730 15743 7ff69757b8ea 15742->15743 15744 7ff69757b908 FlsSetValue 15743->15744 15745 7ff69757b8f8 FlsSetValue 15743->15745 15747 7ff69757b926 15744->15747 15748 7ff69757b914 FlsSetValue 15744->15748 15746 7ff69757b901 15745->15746 15750 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 15746->15750 15749 7ff69757b4b8 _get_daylight 5 API calls 15747->15749 15748->15746 15751 7ff69757b92e 15749->15751 15750->15739 15752 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 15751->15752 15752->15741 15765 7ff697580cb8 EnterCriticalSection 15753->15765 15768 7ff69757ac12 
_wfindfirst32i64 __scrt_get_show_window_mode 15767->15768 15769 7ff69757ac3a RtlCaptureContext RtlLookupFunctionEntry 15768->15769 15770 7ff69757acaa IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 15769->15770 15771 7ff69757ac74 RtlVirtualUnwind 15769->15771 15772 7ff69757acfc _wfindfirst32i64 15770->15772 15771->15770 15773 7ff69756bcc0 _wfindfirst32i64 8 API calls 15772->15773 15774 7ff69757ad1b GetCurrentProcess TerminateProcess 15773->15774 15776 7ff697573795 15775->15776 15777 7ff697573722 15775->15777 15779 7ff69757379a 15776->15779 15785 7ff6975737ef 15776->15785 15778 7ff697573728 15777->15778 15780 7ff6975737bf 15777->15780 15786 7ff69757372d 15778->15786 15789 7ff6975737fe 15778->15789 15782 7ff6975737cf 15779->15782 15784 7ff69757379c 15779->15784 15858 7ff697571c90 15780->15858 15865 7ff697571880 15782->15865 15783 7ff69757373d 15800 7ff69757382d 15783->15800 15840 7ff697574044 15783->15840 15784->15783 15792 7ff6975737ab 15784->15792 15785->15780 15785->15789 15799 7ff697573758 15785->15799 15786->15783 15791 7ff697573770 15786->15791 15786->15799 15789->15800 15872 7ff6975720a0 15789->15872 15791->15800 15850 7ff697574500 15791->15850 15792->15780 15793 7ff6975737b0 15792->15793 15793->15800 15854 7ff697574698 15793->15854 15795 7ff69756bcc0 _wfindfirst32i64 8 API calls 15797 7ff697573ac3 15795->15797 15797->15670 15799->15800 15879 7ff69757ee18 15799->15879 15800->15795 15802 7ff6975733c9 15801->15802 15803 7ff6975733b3 15801->15803 15804 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15802->15804 15811 7ff697573407 15802->15811 15805 7ff697573795 15803->15805 15806 7ff697573722 15803->15806 15803->15811 15804->15811 15809 7ff69757379a 15805->15809 15810 7ff6975737ef 15805->15810 15807 7ff697573728 15806->15807 15808 7ff6975737bf 15806->15808 15817 7ff69757372d 15807->15817 15819 7ff6975737fe 15807->15819 15814 7ff697571c90 38 API calls 15808->15814 15812 7ff69757379c 15809->15812 15813 7ff6975737cf 15809->15813 
15810->15808 15810->15819 15830 7ff697573758 15810->15830 15811->15670 15821 7ff6975737ab 15812->15821 15823 7ff69757373d 15812->15823 15815 7ff697571880 38 API calls 15813->15815 15814->15830 15815->15830 15816 7ff697574044 47 API calls 15816->15830 15818 7ff697573770 15817->15818 15817->15823 15817->15830 15822 7ff697574500 47 API calls 15818->15822 15828 7ff69757382d 15818->15828 15820 7ff6975720a0 38 API calls 15819->15820 15819->15828 15820->15830 15821->15808 15824 7ff6975737b0 15821->15824 15822->15830 15823->15816 15823->15828 15826 7ff697574698 37 API calls 15824->15826 15824->15828 15825 7ff69756bcc0 _wfindfirst32i64 8 API calls 15827 7ff697573ac3 15825->15827 15826->15830 15827->15670 15828->15825 15829 7ff69757ee18 47 API calls 15829->15830 15830->15828 15830->15829 16037 7ff697570e54 15831->16037 15835 7ff697574917 15834->15835 16054 7ff69757df78 15835->16054 15841 7ff697574066 15840->15841 15889 7ff697570cc0 15841->15889 15846 7ff6975741a3 15848 7ff697574900 45 API calls 15846->15848 15849 7ff69757422c 15846->15849 15847 7ff697574900 45 API calls 15847->15846 15848->15849 15849->15799 15851 7ff697574518 15850->15851 15853 7ff697574580 15850->15853 15852 7ff69757ee18 47 API calls 15851->15852 15851->15853 15852->15853 15853->15799 15856 7ff6975746b9 15854->15856 15855 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15857 7ff6975746ea 15855->15857 15856->15855 15856->15857 15857->15799 15859 7ff697571cc3 15858->15859 15860 7ff697571cf2 15859->15860 15862 7ff697571daf 15859->15862 15861 7ff697570cc0 12 API calls 15860->15861 15864 7ff697571d2f 15860->15864 15861->15864 15863 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15862->15863 15863->15864 15864->15799 15866 7ff6975718b3 15865->15866 15867 7ff6975718e2 15866->15867 15869 7ff69757199f 15866->15869 15868 7ff697570cc0 12 API calls 15867->15868 15871 7ff69757191f 15867->15871 15868->15871 15870 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15869->15870 15870->15871 15871->15799 15873 
7ff6975720d3 15872->15873 15874 7ff697572102 15873->15874 15876 7ff6975721bf 15873->15876 15875 7ff697570cc0 12 API calls 15874->15875 15878 7ff69757213f 15874->15878 15875->15878 15877 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15876->15877 15877->15878 15878->15799 15880 7ff69757ee40 15879->15880 15881 7ff69757ee85 15880->15881 15883 7ff697574900 45 API calls 15880->15883 15886 7ff69757ee45 __scrt_get_show_window_mode 15880->15886 15888 7ff69757ee6e __scrt_get_show_window_mode 15880->15888 15881->15886 15881->15888 16034 7ff6975804c8 15881->16034 15882 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15882->15886 15883->15881 15886->15799 15888->15882 15888->15886 15890 7ff697570ce6 15889->15890 15891 7ff697570cf7 15889->15891 15897 7ff69757eb30 15890->15897 15891->15890 15919 7ff69757dbbc 15891->15919 15894 7ff697570d38 15896 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15894->15896 15895 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15895->15894 15896->15890 15898 7ff69757eb4d 15897->15898 15899 7ff69757eb80 15897->15899 15900 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15898->15900 15899->15898 15901 7ff69757ebb2 15899->15901 15910 7ff697574181 15900->15910 15907 7ff69757ecc5 15901->15907 15913 7ff69757ebfa 15901->15913 15902 7ff69757edb7 15959 7ff69757e01c 15902->15959 15904 7ff69757ed7d 15952 7ff69757e3b4 15904->15952 15906 7ff69757ed4c 15945 7ff69757e694 15906->15945 15907->15902 15907->15904 15907->15906 15909 7ff69757ed0f 15907->15909 15912 7ff69757ed05 15907->15912 15935 7ff69757e8c4 15909->15935 15910->15846 15910->15847 15912->15904 15914 7ff69757ed0a 15912->15914 15913->15910 15926 7ff69757aa3c 15913->15926 15914->15906 15914->15909 15917 7ff69757aec4 _wfindfirst32i64 17 API calls 15918 7ff69757ee14 15917->15918 15920 7ff69757dc07 15919->15920 15924 7ff69757dbcb _get_daylight 15919->15924 15921 7ff6975754c4 _get_daylight 11 API calls 15920->15921 15923 7ff697570d24 
15921->15923 15922 7ff69757dbee HeapAlloc 15922->15923 15922->15924 15923->15894 15923->15895 15924->15920 15924->15922 15925 7ff697583c00 _get_daylight 2 API calls 15924->15925 15925->15924 15927 7ff69757aa49 15926->15927 15928 7ff69757aa53 15926->15928 15927->15928 15933 7ff69757aa6e 15927->15933 15929 7ff6975754c4 _get_daylight 11 API calls 15928->15929 15930 7ff69757aa5a 15929->15930 15968 7ff69757aea4 15930->15968 15932 7ff69757aa66 15932->15910 15932->15917 15933->15932 15934 7ff6975754c4 _get_daylight 11 API calls 15933->15934 15934->15930 15970 7ff69758471c 15935->15970 15939 7ff69757e970 15939->15910 15940 7ff69757e96c 15940->15939 15941 7ff69757e9c1 15940->15941 15942 7ff69757e98c 15940->15942 16023 7ff69757e4b0 15941->16023 16019 7ff69757e76c 15942->16019 15946 7ff69758471c 38 API calls 15945->15946 15947 7ff69757e6de 15946->15947 15948 7ff697584164 37 API calls 15947->15948 15949 7ff69757e72e 15948->15949 15950 7ff69757e732 15949->15950 15951 7ff69757e76c 45 API calls 15949->15951 15950->15910 15951->15950 15953 7ff69758471c 38 API calls 15952->15953 15954 7ff69757e3ff 15953->15954 15955 7ff697584164 37 API calls 15954->15955 15956 7ff69757e457 15955->15956 15957 7ff69757e45b 15956->15957 15958 7ff69757e4b0 45 API calls 15956->15958 15957->15910 15958->15957 15960 7ff69757e094 15959->15960 15961 7ff69757e061 15959->15961 15963 7ff69757e0ac 15960->15963 15966 7ff69757e12d 15960->15966 15962 7ff69757add8 _invalid_parameter_noinfo 37 API calls 15961->15962 15965 7ff69757e08d __scrt_get_show_window_mode 15962->15965 15964 7ff69757e3b4 46 API calls 15963->15964 15964->15965 15965->15910 15966->15965 15967 7ff697574900 45 API calls 15966->15967 15967->15965 15969 7ff69757ad3c _invalid_parameter_noinfo 37 API calls 15968->15969 15971 7ff69758476f fegetenv 15970->15971 15972 7ff69758867c 37 API calls 15971->15972 15975 7ff6975847c2 15972->15975 15973 7ff6975847ef 15977 7ff69757aa3c __std_exception_copy 37 API calls 15973->15977 15974 7ff6975848b2 15976 
7ff69758867c 37 API calls 15974->15976 15975->15974 15980 7ff69758488c 15975->15980 15981 7ff6975847dd 15975->15981 15978 7ff6975848dc 15976->15978 15979 7ff69758486d 15977->15979 15982 7ff69758867c 37 API calls 15978->15982 15984 7ff697585994 15979->15984 15989 7ff697584875 15979->15989 15985 7ff69757aa3c __std_exception_copy 37 API calls 15980->15985 15981->15973 15981->15974 15983 7ff6975848ed 15982->15983 15986 7ff697588870 20 API calls 15983->15986 15987 7ff69757aec4 _wfindfirst32i64 17 API calls 15984->15987 15985->15979 15993 7ff697584956 __scrt_get_show_window_mode 15986->15993 15988 7ff6975859a9 15987->15988 15990 7ff69756bcc0 _wfindfirst32i64 8 API calls 15989->15990 15991 7ff69757e911 15990->15991 16015 7ff697584164 15991->16015 15992 7ff697584cff __scrt_get_show_window_mode 15993->15992 15994 7ff697584997 memcpy_s 15993->15994 15999 7ff6975754c4 _get_daylight 11 API calls 15993->15999 16008 7ff6975852db memcpy_s __scrt_get_show_window_mode 15994->16008 16011 7ff697584df3 memcpy_s __scrt_get_show_window_mode 15994->16011 15995 7ff697584280 37 API calls 16002 7ff697585757 15995->16002 15996 7ff69758503f 15996->15995 15997 7ff6975859ac memcpy_s 37 API calls 15997->15996 15998 7ff697584feb 15998->15996 15998->15997 16000 7ff697584dd0 15999->16000 16001 7ff69757aea4 _invalid_parameter_noinfo 37 API calls 16000->16001 16001->15994 16003 7ff6975859ac memcpy_s 37 API calls 16002->16003 16013 7ff6975857b2 16002->16013 16003->16013 16004 7ff697585938 16005 7ff69758867c 37 API calls 16004->16005 16005->15989 16006 7ff6975754c4 11 API calls _get_daylight 16006->16008 16007 7ff6975754c4 11 API calls _get_daylight 16007->16011 16008->15996 16008->15998 16008->16006 16014 7ff69757aea4 37 API calls _invalid_parameter_noinfo 16008->16014 16009 7ff697584280 37 API calls 16009->16013 16010 7ff69757aea4 37 API calls _invalid_parameter_noinfo 16010->16011 16011->15998 16011->16007 16011->16010 16012 7ff6975859ac memcpy_s 37 API calls 16012->16013 16013->16004 16013->16009 
16013->16012 16014->16008 16016 7ff697584183 16015->16016 16017 7ff69757add8 _invalid_parameter_noinfo 37 API calls 16016->16017 16018 7ff6975841ae memcpy_s 16016->16018 16017->16018 16018->15940 16020 7ff69757e798 memcpy_s 16019->16020 16021 7ff697574900 45 API calls 16020->16021 16022 7ff69757e852 memcpy_s __scrt_get_show_window_mode 16020->16022 16021->16022 16022->15939 16024 7ff69757e4eb 16023->16024 16025 7ff69757e538 memcpy_s 16023->16025 16026 7ff69757add8 _invalid_parameter_noinfo 37 API calls 16024->16026 16028 7ff69757e5a3 16025->16028 16030 7ff697574900 45 API calls 16025->16030 16027 7ff69757e517 16026->16027 16027->15939 16029 7ff69757aa3c __std_exception_copy 37 API calls 16028->16029 16033 7ff69757e5e5 memcpy_s 16029->16033 16030->16028 16031 7ff69757aec4 _wfindfirst32i64 17 API calls 16032 7ff69757e690 16031->16032 16033->16031 16036 7ff6975804ec WideCharToMultiByte 16034->16036 16038 7ff697570e93 16037->16038 16039 7ff697570e81 16037->16039 16041 7ff697570ea0 16038->16041 16045 7ff697570edd 16038->16045 16040 7ff6975754c4 _get_daylight 11 API calls 16039->16040 16042 7ff697570e86 16040->16042 16044 7ff69757add8 _invalid_parameter_noinfo 37 API calls 16041->16044 16043 7ff69757aea4 _invalid_parameter_noinfo 37 API calls 16042->16043 16049 7ff697570e91 16043->16049 16044->16049 16046 7ff697570f86 16045->16046 16047 7ff6975754c4 _get_daylight 11 API calls 16045->16047 16048 7ff6975754c4 _get_daylight 11 API calls 16046->16048 16046->16049 16050 7ff697570f7b 16047->16050 16051 7ff697571030 16048->16051 16049->15670 16052 7ff69757aea4 _invalid_parameter_noinfo 37 API calls 16050->16052 16053 7ff69757aea4 _invalid_parameter_noinfo 37 API calls 16051->16053 16052->16046 16053->16049 16055 7ff69757493f 16054->16055 16056 7ff69757df91 16054->16056 16058 7ff69757dfe4 16055->16058 16056->16055 16062 7ff697583974 16056->16062 16059 7ff69757dffd 16058->16059 16060 7ff69757494f 16058->16060 16059->16060 16106 7ff697582cc0 16059->16106 16060->15670 16074 
7ff69757b710 GetLastError 16062->16074 16065 7ff6975839ce 16065->16055 16075 7ff69757b734 FlsGetValue 16074->16075 16076 7ff69757b751 FlsSetValue 16074->16076 16077 7ff69757b74b 16075->16077 16093 7ff69757b741 16075->16093 16078 7ff69757b763 16076->16078 16076->16093 16077->16076 16080 7ff69757f158 _get_daylight 11 API calls 16078->16080 16079 7ff69757b7bd SetLastError 16082 7ff69757b7dd 16079->16082 16083 7ff69757b7ca 16079->16083 16081 7ff69757b772 16080->16081 16084 7ff69757b790 FlsSetValue 16081->16084 16085 7ff69757b780 FlsSetValue 16081->16085 16097 7ff69757aa9c 16082->16097 16083->16065 16096 7ff697580cb8 EnterCriticalSection 16083->16096 16088 7ff69757b79c FlsSetValue 16084->16088 16089 7ff69757b7ae 16084->16089 16087 7ff69757b789 16085->16087 16091 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16087->16091 16088->16087 16092 7ff69757b4b8 _get_daylight 11 API calls 16089->16092 16091->16093 16094 7ff69757b7b6 16092->16094 16093->16079 16095 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16094->16095 16095->16079 16098 7ff697583cc0 __GetCurrentState EnterCriticalSection LeaveCriticalSection 16097->16098 16099 7ff69757aaa5 16098->16099 16100 7ff69757aab4 16099->16100 16101 7ff697583d10 __GetCurrentState 44 API calls 16099->16101 16102 7ff69757aabd IsProcessorFeaturePresent 16100->16102 16103 7ff69757aae7 __GetCurrentState 16100->16103 16101->16100 16104 7ff69757aacc 16102->16104 16105 7ff69757abd8 _wfindfirst32i64 14 API calls 16104->16105 16105->16103 16107 7ff69757b710 __GetCurrentState 45 API calls 16106->16107 16108 7ff697582cc9 16107->16108 16116 7ff69757536c EnterCriticalSection 16109->16116 16118 7ff6975628ac 16117->16118 16119 7ff697574ac4 49 API calls 16118->16119 16120 7ff6975628fd 16119->16120 16121 7ff6975754c4 _get_daylight 11 API calls 16120->16121 16122 7ff697562902 16121->16122 16136 7ff6975754e4 16122->16136 16125 7ff697561ef0 49 API calls 16126 7ff697562931 __scrt_get_show_window_mode 
16125->16126 16127 7ff697568ae0 57 API calls 16126->16127 16128 7ff697562966 16127->16128 16129 7ff69756296b 16128->16129 16130 7ff6975629a3 MessageBoxA 16128->16130 16131 7ff697568ae0 57 API calls 16129->16131 16132 7ff6975629bd 16130->16132 16133 7ff697562985 MessageBoxW 16131->16133 16134 7ff69756bcc0 _wfindfirst32i64 8 API calls 16132->16134 16133->16132 16135 7ff6975629cd 16134->16135 16135->15343 16137 7ff69757b888 _get_daylight 11 API calls 16136->16137 16138 7ff6975754fb 16137->16138 16139 7ff69757f158 _get_daylight 11 API calls 16138->16139 16140 7ff69757553b 16138->16140 16145 7ff697562909 16138->16145 16141 7ff697575530 16139->16141 16140->16145 16148 7ff69757f828 16140->16148 16142 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16141->16142 16142->16140 16145->16125 16146 7ff69757aec4 _wfindfirst32i64 17 API calls 16147 7ff697575580 16146->16147 16151 7ff69757f845 16148->16151 16149 7ff69757f84a 16150 7ff6975754c4 _get_daylight 11 API calls 16149->16150 16154 7ff697575561 16149->16154 16156 7ff69757f854 16150->16156 16151->16149 16152 7ff69757f894 16151->16152 16151->16154 16152->16154 16155 7ff6975754c4 _get_daylight 11 API calls 16152->16155 16153 7ff69757aea4 _invalid_parameter_noinfo 37 API calls 16153->16154 16154->16145 16154->16146 16155->16156 16156->16153 16158 7ff697568c14 WideCharToMultiByte 16157->16158 16159 7ff697568c82 WideCharToMultiByte 16157->16159 16161 7ff697568c3e 16158->16161 16164 7ff697568c55 16158->16164 16160 7ff697568caf 16159->16160 16165 7ff697563f25 16159->16165 16162 7ff6975629e0 57 API calls 16160->16162 16163 7ff6975629e0 57 API calls 16161->16163 16162->16165 16163->16165 16164->16159 16166 7ff697568c6b 16164->16166 16165->15352 16165->15354 16167 7ff6975629e0 57 API calls 16166->16167 16167->16165 16169 7ff697567bde 16168->16169 16170 7ff69757a9b3 16168->16170 16169->15369 16170->16169 16171 7ff69757aa3c __std_exception_copy 37 API calls 16170->16171 16172 7ff69757a9e0 16171->16172 
16172->16169 16173 7ff69757aec4 _wfindfirst32i64 17 API calls 16172->16173 16174 7ff69757aa10 16173->16174 16176 7ff697563fd0 116 API calls 16175->16176 16177 7ff697561ad6 16176->16177 16178 7ff697561c84 16177->16178 16180 7ff6975682b0 83 API calls 16177->16180 16179 7ff69756bcc0 _wfindfirst32i64 8 API calls 16178->16179 16181 7ff697561c98 16179->16181 16182 7ff697561b0e 16180->16182 16181->15388 16208 7ff697563e40 16181->16208 16207 7ff697561b3f 16182->16207 16214 7ff697570814 16182->16214 16183 7ff69757018c 74 API calls 16183->16178 16185 7ff697561b28 16186 7ff697561b2c 16185->16186 16187 7ff697561b44 16185->16187 16188 7ff697562890 59 API calls 16186->16188 16218 7ff6975704dc 16187->16218 16188->16207 16191 7ff697561b77 16194 7ff697570814 73 API calls 16191->16194 16192 7ff697561b5f 16193 7ff697562890 59 API calls 16192->16193 16193->16207 16195 7ff697561bc4 16194->16195 16196 7ff697561bd6 16195->16196 16197 7ff697561bee 16195->16197 16198 7ff697562890 59 API calls 16196->16198 16199 7ff6975704dc _fread_nolock 53 API calls 16197->16199 16198->16207 16200 7ff697561c03 16199->16200 16201 7ff697561c09 16200->16201 16202 7ff697561c1e 16200->16202 16203 7ff697562890 59 API calls 16201->16203 16221 7ff697570250 16202->16221 16203->16207 16206 7ff697562b30 59 API calls 16206->16207 16207->16183 16209 7ff697561ef0 49 API calls 16208->16209 16210 7ff697563e5d 16209->16210 16210->15389 16212 7ff697561ef0 49 API calls 16211->16212 16213 7ff697564080 16212->16213 16213->15388 16213->16213 16215 7ff697570844 16214->16215 16227 7ff6975705a4 16215->16227 16217 7ff69757085d 16217->16185 16239 7ff6975704fc 16218->16239 16222 7ff697570259 16221->16222 16224 7ff697561c32 16221->16224 16223 7ff6975754c4 _get_daylight 11 API calls 16222->16223 16224->16206 16224->16207 16228 7ff69757060e 16227->16228 16229 7ff6975705ce 16227->16229 16228->16229 16231 7ff69757061a 16228->16231 16230 7ff69757add8 _invalid_parameter_noinfo 37 API calls 16229->16230 16232 7ff6975705f5 16230->16232 16238 
7ff69757536c EnterCriticalSection 16231->16238 16232->16217 16240 7ff697570526 16239->16240 16241 7ff697561b59 16239->16241 16240->16241 16242 7ff697570535 __scrt_get_show_window_mode 16240->16242 16243 7ff697570572 16240->16243 16241->16191 16241->16192 16245 7ff6975754c4 _get_daylight 11 API calls 16242->16245 16252 7ff69757536c EnterCriticalSection 16243->16252 16247 7ff69757054a 16245->16247 16249 7ff69757aea4 _invalid_parameter_noinfo 37 API calls 16247->16249 16249->16241 16254 7ff697567966 16253->16254 16255 7ff69756798a 16254->16255 16256 7ff6975679dd GetTempPathW 16254->16256 16258 7ff697567b60 61 API calls 16255->16258 16257 7ff6975679f2 16256->16257 16292 7ff697562830 16257->16292 16259 7ff697567996 16258->16259 16316 7ff697567420 16259->16316 16265 7ff6975679bc __std_exception_destroy 16265->16256 16271 7ff6975679ca 16265->16271 16266 7ff69756bcc0 _wfindfirst32i64 8 API calls 16268 7ff69756154f 16266->16268 16268->15398 16268->15399 16269 7ff697567ab6 16273 7ff697568bf0 59 API calls 16269->16273 16270 7ff697567a0b __std_exception_destroy 16270->16269 16275 7ff697567a41 16270->16275 16296 7ff697578aa4 16270->16296 16299 7ff697568950 16270->16299 16272 7ff697562b30 59 API calls 16271->16272 16276 7ff697567ac7 __std_exception_destroy 16273->16276 16277 7ff697568ae0 57 API calls 16275->16277 16291 7ff697567a7a __std_exception_destroy 16275->16291 16279 7ff697568ae0 57 API calls 16276->16279 16276->16291 16278 7ff697567a57 16277->16278 16280 7ff697567a5c 16278->16280 16281 7ff697567a99 SetEnvironmentVariableW 16278->16281 16282 7ff697567ae5 16279->16282 16283 7ff697568ae0 57 API calls 16280->16283 16281->16291 16284 7ff697567aea 16282->16284 16285 7ff697567b1d SetEnvironmentVariableW 16282->16285 16287 7ff697567a6c 16283->16287 16286 7ff697568ae0 57 API calls 16284->16286 16285->16291 16288 7ff697567afa 16286->16288 16289 7ff697577dec 38 API calls 16287->16289 16290 7ff697577dec 38 API calls 16288->16290 16289->16291 16290->16291 16291->16266 16293 
7ff697562855 16292->16293 16350 7ff697574d18 16293->16350 16544 7ff6975786d0 16296->16544 16300 7ff69756bc60 16299->16300 16301 7ff697568960 GetCurrentProcess OpenProcessToken 16300->16301 16302 7ff6975689ab GetTokenInformation 16301->16302 16303 7ff697568a21 __std_exception_destroy 16301->16303 16304 7ff6975689cd GetLastError 16302->16304 16305 7ff6975689d8 16302->16305 16306 7ff697568a3a 16303->16306 16307 7ff697568a34 CloseHandle 16303->16307 16304->16303 16304->16305 16305->16303 16308 7ff6975689ee GetTokenInformation 16305->16308 16675 7ff697568650 16306->16675 16307->16306 16308->16303 16310 7ff697568a14 ConvertSidToStringSidW 16308->16310 16310->16303 16317 7ff69756742c 16316->16317 16318 7ff697568ae0 57 API calls 16317->16318 16319 7ff69756744e 16318->16319 16320 7ff697567456 16319->16320 16321 7ff697567469 ExpandEnvironmentStringsW 16319->16321 16322 7ff697562b30 59 API calls 16320->16322 16323 7ff69756748f __std_exception_destroy 16321->16323 16324 7ff697567462 16322->16324 16325 7ff697567493 16323->16325 16328 7ff6975674a6 16323->16328 16327 7ff69756bcc0 _wfindfirst32i64 8 API calls 16324->16327 16326 7ff697562b30 59 API calls 16325->16326 16326->16324 16329 7ff697567588 16327->16329 16330 7ff6975674b4 16328->16330 16331 7ff6975674c0 16328->16331 16329->16291 16340 7ff697577dec 16329->16340 16679 7ff6975779a4 16330->16679 16686 7ff697576328 16331->16686 16334 7ff6975674be 16335 7ff6975674da 16334->16335 16338 7ff6975674ed __scrt_get_show_window_mode 16334->16338 16336 7ff697562b30 59 API calls 16335->16336 16336->16324 16337 7ff697567562 CreateDirectoryW 16337->16324 16338->16337 16339 7ff69756753c CreateDirectoryW 16338->16339 16339->16338 16341 7ff697577e0c 16340->16341 16342 7ff697577df9 16340->16342 16787 7ff697577a70 16341->16787 16343 7ff6975754c4 _get_daylight 11 API calls 16342->16343 16345 7ff697577dfe 16343->16345 16347 7ff69757aea4 _invalid_parameter_noinfo 37 API calls 16345->16347 16348 7ff697577e0a 16347->16348 16348->16265 16351 
7ff697574d72 16350->16351 16352 7ff697574d97 16351->16352 16354 7ff697574dd3 16351->16354 16353 7ff69757add8 _invalid_parameter_noinfo 37 API calls 16352->16353 16356 7ff697574dc1 16353->16356 16368 7ff6975730d0 16354->16368 16359 7ff69756bcc0 _wfindfirst32i64 8 API calls 16356->16359 16357 7ff697574eb4 16358 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16357->16358 16358->16356 16360 7ff697562874 16359->16360 16360->16270 16362 7ff697574eda 16362->16357 16366 7ff697574ee4 16362->16366 16363 7ff697574e89 16364 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16363->16364 16364->16356 16365 7ff697574e80 16365->16357 16365->16363 16367 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16366->16367 16367->16356 16369 7ff69757310e 16368->16369 16370 7ff6975730fe 16368->16370 16371 7ff697573117 16369->16371 16377 7ff697573145 16369->16377 16372 7ff69757add8 _invalid_parameter_noinfo 37 API calls 16370->16372 16373 7ff69757add8 _invalid_parameter_noinfo 37 API calls 16371->16373 16374 7ff69757313d 16372->16374 16373->16374 16374->16357 16374->16362 16374->16363 16374->16365 16377->16370 16377->16374 16379 7ff697573ae4 16377->16379 16412 7ff697573530 16377->16412 16449 7ff697572cc0 16377->16449 16380 7ff697573b26 16379->16380 16381 7ff697573b97 16379->16381 16384 7ff697573b2c 16380->16384 16385 7ff697573bc1 16380->16385 16382 7ff697573b9c 16381->16382 16383 7ff697573bf0 16381->16383 16386 7ff697573bd1 16382->16386 16387 7ff697573b9e 16382->16387 16390 7ff697573c07 16383->16390 16392 7ff697573bfa 16383->16392 16397 7ff697573bff 16383->16397 16388 7ff697573b60 16384->16388 16389 7ff697573b31 16384->16389 16468 7ff697571e94 16385->16468 16475 7ff697571a84 16386->16475 16391 7ff697573b40 16387->16391 16401 7ff697573bad 16387->16401 16393 7ff697573b37 16388->16393 16388->16397 16389->16390 16389->16393 16482 7ff6975747ec 16390->16482 16411 7ff697573c30 16391->16411 16452 7ff697574298 16391->16452 
18579 7ff69757986f 18580 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18579->18580 18581 7ff697579767 18580->18581 18581->18539 18582 7ff6975798e2 18583 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18582->18583 18583->18581 18584 7ff69757f158 _get_daylight 11 API calls 18584->18590 18585 7ff6975798d1 18744 7ff697579a38 18585->18744 18586 7ff69757aa3c __std_exception_copy 37 API calls 18586->18590 18589 7ff697579907 18592 7ff69757aec4 _wfindfirst32i64 17 API calls 18589->18592 18590->18579 18590->18582 18590->18584 18590->18585 18590->18586 18590->18589 18593 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18590->18593 18591 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18591->18579 18594 7ff69757991a 18592->18594 18593->18590 18596 7ff69757b7f5 FlsGetValue 18595->18596 18597 7ff69757b810 FlsSetValue 18595->18597 18598 7ff69757b80a 18596->18598 18600 7ff69757b802 18596->18600 18599 7ff69757b81d 18597->18599 18597->18600 18598->18597 18603 7ff69757f158 _get_daylight 11 API calls 18599->18603 18601 7ff69757b808 18600->18601 18602 7ff69757aa9c __GetCurrentState 45 API calls 18600->18602 18615 7ff697582934 18601->18615 18605 7ff69757b885 18602->18605 18604 7ff69757b82c 18603->18604 18606 7ff69757b84a FlsSetValue 18604->18606 18607 7ff69757b83a FlsSetValue 18604->18607 18609 7ff69757b868 18606->18609 18610 7ff69757b856 FlsSetValue 18606->18610 18608 7ff69757b843 18607->18608 18611 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18608->18611 18612 7ff69757b4b8 _get_daylight 11 API calls 18609->18612 18610->18608 18611->18600 18613 7ff69757b870 18612->18613 18614 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18613->18614 18614->18601 18638 7ff697582ba4 18615->18638 18617 7ff697582969 18653 7ff697582634 18617->18653 18620 7ff69757dbbc _fread_nolock 12 API calls 18621 7ff697582997 18620->18621 18622 
7ff69758299f 18621->18622 18624 7ff6975829ae 18621->18624 18623 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18622->18623 18636 7ff697582986 18623->18636 18624->18624 18660 7ff697582cdc 18624->18660 18627 7ff697582aaa 18628 7ff6975754c4 _get_daylight 11 API calls 18627->18628 18630 7ff697582aaf 18628->18630 18629 7ff697582b05 18637 7ff697582b6c 18629->18637 18671 7ff697582464 18629->18671 18632 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18630->18632 18631 7ff697582ac4 18631->18629 18633 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18631->18633 18632->18636 18633->18629 18635 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18635->18636 18636->18552 18637->18635 18639 7ff697582bc7 18638->18639 18640 7ff697582bd1 18639->18640 18686 7ff697580cb8 EnterCriticalSection 18639->18686 18643 7ff697582c43 18640->18643 18644 7ff69757aa9c __GetCurrentState 45 API calls 18640->18644 18643->18617 18646 7ff697582c5b 18644->18646 18648 7ff697582cb2 18646->18648 18650 7ff69757b7e4 50 API calls 18646->18650 18648->18617 18651 7ff697582c9c 18650->18651 18652 7ff697582934 65 API calls 18651->18652 18652->18648 18654 7ff697574f98 45 API calls 18653->18654 18655 7ff697582648 18654->18655 18656 7ff697582666 18655->18656 18657 7ff697582654 GetOEMCP 18655->18657 18658 7ff69758266b GetACP 18656->18658 18659 7ff69758267b 18656->18659 18657->18659 18658->18659 18659->18620 18659->18636 18661 7ff697582634 47 API calls 18660->18661 18662 7ff697582d09 18661->18662 18663 7ff697582e5f 18662->18663 18664 7ff697582d46 IsValidCodePage 18662->18664 18670 7ff697582d60 __scrt_get_show_window_mode 18662->18670 18665 7ff69756bcc0 _wfindfirst32i64 8 API calls 18663->18665 18664->18663 18666 7ff697582d57 18664->18666 18667 7ff697582aa1 18665->18667 18668 7ff697582d86 GetCPInfo 18666->18668 18666->18670 18667->18627 18667->18631 18668->18663 18668->18670 18687 7ff69758274c 18670->18687 18743 
7ff697580cb8 EnterCriticalSection 18671->18743 18688 7ff697582789 GetCPInfo 18687->18688 18689 7ff69758287f 18687->18689 18688->18689 18692 7ff69758279c 18688->18692 18690 7ff69756bcc0 _wfindfirst32i64 8 API calls 18689->18690 18691 7ff69758291e 18690->18691 18691->18663 18693 7ff6975834b0 48 API calls 18692->18693 18694 7ff697582813 18693->18694 18698 7ff697588454 18694->18698 18697 7ff697588454 54 API calls 18697->18689 18699 7ff697574f98 45 API calls 18698->18699 18700 7ff697588479 18699->18700 18703 7ff697588120 18700->18703 18704 7ff697588161 18703->18704 18705 7ff69757fc00 _fread_nolock MultiByteToWideChar 18704->18705 18708 7ff6975881ab 18705->18708 18706 7ff697588429 18707 7ff69756bcc0 _wfindfirst32i64 8 API calls 18706->18707 18709 7ff697582846 18707->18709 18708->18706 18710 7ff69757dbbc _fread_nolock 12 API calls 18708->18710 18711 7ff6975881e3 18708->18711 18724 7ff6975882e1 18708->18724 18709->18697 18710->18711 18713 7ff69757fc00 _fread_nolock MultiByteToWideChar 18711->18713 18711->18724 18712 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18712->18706 18714 7ff697588256 18713->18714 18714->18724 18734 7ff69757f5a4 18714->18734 18717 7ff6975882a1 18720 7ff69757f5a4 __crtLCMapStringW 6 API calls 18717->18720 18717->18724 18718 7ff6975882f2 18719 7ff69757dbbc _fread_nolock 12 API calls 18718->18719 18721 7ff6975883c4 18718->18721 18723 7ff697588310 18718->18723 18719->18723 18720->18724 18722 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18721->18722 18721->18724 18722->18724 18723->18724 18725 7ff69757f5a4 __crtLCMapStringW 6 API calls 18723->18725 18724->18706 18724->18712 18726 7ff697588390 18725->18726 18726->18721 18727 7ff6975883b0 18726->18727 18728 7ff6975883c6 18726->18728 18729 7ff6975804c8 WideCharToMultiByte 18727->18729 18730 7ff6975804c8 WideCharToMultiByte 18728->18730 18731 7ff6975883be 18729->18731 18730->18731 18731->18721 18732 7ff6975883de 18731->18732 18732->18724 18733 
7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18732->18733 18733->18724 18735 7ff69757f1d0 __crtLCMapStringW 5 API calls 18734->18735 18736 7ff69757f5e2 18735->18736 18738 7ff69757f5ea 18736->18738 18740 7ff69757f690 18736->18740 18738->18717 18738->18718 18738->18724 18739 7ff69757f653 LCMapStringW 18739->18738 18741 7ff69757f1d0 __crtLCMapStringW 5 API calls 18740->18741 18742 7ff69757f6be __crtLCMapStringW 18741->18742 18742->18739 18745 7ff697579a3d 18744->18745 18746 7ff6975798d9 18744->18746 18747 7ff697579a66 18745->18747 18748 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18745->18748 18746->18591 18749 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18747->18749 18748->18745 18749->18746 18751 7ff697586c19 18750->18751 18752 7ff697586c30 18750->18752 18753 7ff6975754c4 _get_daylight 11 API calls 18751->18753 18752->18751 18754 7ff697586c3e 18752->18754 18755 7ff697586c1e 18753->18755 18757 7ff697574f98 45 API calls 18754->18757 18758 7ff697586c29 18754->18758 18756 7ff69757aea4 _invalid_parameter_noinfo 37 API calls 18755->18756 18756->18758 18757->18758 18758->18468 18760 7ff697574f98 45 API calls 18759->18760 18761 7ff697589849 18760->18761 18764 7ff6975894a0 18761->18764 18768 7ff6975894ee 18764->18768 18765 7ff69756bcc0 _wfindfirst32i64 8 API calls 18766 7ff697587ad5 18765->18766 18766->18467 18766->18468 18767 7ff697589575 18769 7ff69757fc00 _fread_nolock MultiByteToWideChar 18767->18769 18773 7ff697589579 18767->18773 18768->18767 18770 7ff697589560 GetCPInfo 18768->18770 18768->18773 18771 7ff69758960d 18769->18771 18770->18767 18770->18773 18772 7ff69757dbbc _fread_nolock 12 API calls 18771->18772 18771->18773 18774 7ff697589644 18771->18774 18772->18774 18773->18765 18774->18773 18775 7ff69757fc00 _fread_nolock MultiByteToWideChar 18774->18775 18776 7ff6975896b2 18775->18776 18777 7ff697589794 18776->18777 18778 7ff69757fc00 _fread_nolock MultiByteToWideChar 
18776->18778 18777->18773 18779 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18777->18779 18780 7ff6975896d8 18778->18780 18779->18773 18780->18777 18781 7ff69757dbbc _fread_nolock 12 API calls 18780->18781 18782 7ff697589705 18780->18782 18781->18782 18782->18777 18783 7ff69757fc00 _fread_nolock MultiByteToWideChar 18782->18783 18784 7ff69758977c 18783->18784 18785 7ff697589782 18784->18785 18786 7ff69758979c 18784->18786 18785->18777 18788 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18785->18788 18793 7ff69757f428 18786->18793 18788->18777 18790 7ff6975897db 18790->18773 18792 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18790->18792 18791 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18791->18790 18792->18773 18794 7ff69757f1d0 __crtLCMapStringW 5 API calls 18793->18794 18795 7ff69757f466 18794->18795 18796 7ff69757f690 __crtLCMapStringW 5 API calls 18795->18796 18797 7ff69757f46e 18795->18797 18798 7ff69757f4d7 CompareStringW 18796->18798 18797->18790 18797->18791 18798->18797 18800 7ff697588511 18799->18800 18801 7ff69758852a HeapSize 18799->18801 18802 7ff6975754c4 _get_daylight 11 API calls 18800->18802 18803 7ff697588516 18802->18803 18804 7ff69757aea4 _invalid_parameter_noinfo 37 API calls 18803->18804 18805 7ff697588521 18804->18805 18805->18473 18807 7ff697580edb 18806->18807 18808 7ff697580ed1 18806->18808 18810 7ff697580ee0 18807->18810 18816 7ff697580ee7 _get_daylight 18807->18816 18809 7ff69757dbbc _fread_nolock 12 API calls 18808->18809 18814 7ff697580ed9 18809->18814 18811 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18810->18811 18811->18814 18812 7ff697580eed 18815 7ff6975754c4 _get_daylight 11 API calls 18812->18815 18813 7ff697580f1a HeapReAlloc 18813->18814 18813->18816 18814->18476 18815->18814 18816->18812 18816->18813 18817 7ff697583c00 _get_daylight 2 API calls 18816->18817 18817->18816 18819 
7ff6975797b5 18818->18819 18830 7ff6975797b1 18818->18830 18839 7ff6975830ac GetEnvironmentStringsW 18819->18839 18822 7ff6975797c2 18824 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18822->18824 18823 7ff6975797ce 18846 7ff69757991c 18823->18846 18824->18830 18827 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18828 7ff6975797f5 18827->18828 18829 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18828->18829 18829->18830 18830->18502 18831 7ff697579b5c 18830->18831 18836 7ff697579b7f 18831->18836 18837 7ff697579b96 18831->18837 18832 7ff69757fc00 MultiByteToWideChar _fread_nolock 18832->18837 18833 7ff69757f158 _get_daylight 11 API calls 18833->18837 18834 7ff697579c0a 18835 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18834->18835 18835->18836 18836->18502 18837->18832 18837->18833 18837->18834 18837->18836 18838 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18837->18838 18838->18837 18840 7ff6975797ba 18839->18840 18841 7ff6975830d0 18839->18841 18840->18822 18840->18823 18842 7ff69757dbbc _fread_nolock 12 API calls 18841->18842 18843 7ff697583107 memcpy_s 18842->18843 18844 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18843->18844 18845 7ff697583127 FreeEnvironmentStringsW 18844->18845 18845->18840 18847 7ff697579944 18846->18847 18848 7ff69757f158 _get_daylight 11 API calls 18847->18848 18861 7ff69757997f 18848->18861 18849 7ff697579987 18850 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18849->18850 18851 7ff6975797d6 18850->18851 18851->18827 18852 7ff697579a01 18853 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18852->18853 18853->18851 18854 7ff69757f158 _get_daylight 11 API calls 18854->18861 18855 7ff6975799f0 18856 7ff697579a38 11 API calls 18855->18856 18858 7ff6975799f8 18856->18858 18857 7ff697580e54 _wfindfirst32i64 37 API 
calls 18857->18861 18859 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18858->18859 18859->18849 18860 7ff697579a24 18862 7ff69757aec4 _wfindfirst32i64 17 API calls 18860->18862 18861->18849 18861->18852 18861->18854 18861->18855 18861->18857 18861->18860 18863 7ff69757af0c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 18861->18863 18864 7ff697579a36 18862->18864 18863->18861 18867 7ff697589409 __crtLCMapStringW 18865->18867 18866 7ff6975879be 18866->18525 18866->18526 18867->18866 18868 7ff69757f428 6 API calls 18867->18868 18868->18866 18869 7ff69756b240 18870 7ff69756b26e 18869->18870 18871 7ff69756b255 18869->18871 18871->18870 18873 7ff69757dbbc 12 API calls 18871->18873 18872 7ff69756b2cc 18873->18872

Control-flow Graph

• Executed
• Not Executed
APIs
• _get_daylight.LIBCMT ref: 00007FF6975863B5
  • Part of subcall function 00007FF697585D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF697585D1C
  • Part of subcall function 00007FF69757AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF697583392,?,?,?,00007FF6975833CF,?,?,00000000,00007FF697583895,?,?,00000000,00007FF6975837C7), ref: 00007FF69757AF22
  • Part of subcall function 00007FF69757AF0C: GetLastError.KERNEL32(?,?,?,00007FF697583392,?,?,?,00007FF6975833CF,?,?,00000000,00007FF697583895,?,?,00000000,00007FF6975837C7), ref: 00007FF69757AF2C
  • Part of subcall function 00007FF69757AEC4: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF69757AEA3,?,?,?,?,?,00007FF6975730CC), ref: 00007FF69757AECD
  • Part of subcall function 00007FF69757AEC4: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF69757AEA3,?,?,?,?,?,00007FF6975730CC), ref: 00007FF69757AEF2
• _get_daylight.LIBCMT ref: 00007FF6975863A4
  • Part of subcall function 00007FF697585D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF697585D7C
• _get_daylight.LIBCMT ref: 00007FF69758661A
• _get_daylight.LIBCMT ref: 00007FF69758662B
• _get_daylight.LIBCMT ref: 00007FF69758663C
• GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69758687C), ref: 00007FF697586663
Strings
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 4070488512-239921721
• Opcode ID: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
• Instruction ID: c784e52a883a10e31b7ebec9c70f93b3f497d54e6642d3e88c9f5bf852d67234
• Opcode Fuzzy Hash: 54e1ccf0b1e099ab2aef5fd1d20d70d6c7b19d4e9a74b58f9fc53268ba567377
• Instruction Fuzzy Hash: 01D1D062E28242C6EBB4AF26D8512F923A1FF44BD4F848175EA4DC7A96DF3CE441C740

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                          APIs
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1617910340-0
                                                                                                                                                                                                                                          • Opcode ID: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                          • Instruction ID: 25ea96b24fb58c5a761b2db6e44a1510ebf046904912be75f8cddcf1d4afa348
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1d4f06f2925cf98ba43065425f03779d4007acc0884ea13a9d80746d18551ee
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60C1C332B24A4686EBA0CFA8D4815AC3761FB89BE8F054675DE2E973E5DF38D051C300

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000000,?,00000000,00000000,?,00007FF69756154F), ref: 00007FF6975679E7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697567B60: GetEnvironmentVariableW.KERNEL32(00007FF697563A1F), ref: 00007FF697567B9A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697567B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF697567BB7
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697577DEC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF697577E05
                                                                                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32 ref: 00007FF697567AA1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697562B30: MessageBoxW.USER32 ref: 00007FF697562C05
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                          • API String ID: 3752271684-1116378104
                                                                                                                                                                                                                                          • Opcode ID: a027e6aea258c43f07e2bc9a46543fc38ad0f37717e376dcca62c7854c850c7b
                                                                                                                                                                                                                                          • Instruction ID: e4619908ec8a8c039043e995cf834a21aece5031fe91a12c4f63ba5d5508d65f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a027e6aea258c43f07e2bc9a46543fc38ad0f37717e376dcca62c7854c850c7b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8051A711B1964346FDF5AB66A8152FE6291DFC8BD0F4444B1ED0ECB7A7EE2CEA018700

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF69758661A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697585D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF697585D7C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF69758662B
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697585D08: _invalid_parameter_noinfo.LIBCMT ref: 00007FF697585D1C
                                                                                                                                                                                                                                          • _get_daylight.LIBCMT ref: 00007FF69758663C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697585D38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF697585D4C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF69757AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF697583392,?,?,?,00007FF6975833CF,?,?,00000000,00007FF697583895,?,?,00000000,00007FF6975837C7), ref: 00007FF69757AF22
                                                                                                                                                                                                                                            • Part of subcall function 00007FF69757AF0C: GetLastError.KERNEL32(?,?,?,00007FF697583392,?,?,?,00007FF6975833CF,?,?,00000000,00007FF697583895,?,?,00000000,00007FF6975837C7), ref: 00007FF69757AF2C
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF69758687C), ref: 00007FF697586663
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                          • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                          • Opcode ID: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                          • Instruction ID: 887bcba63f6cca972825d11d344e8f705af2051f1b338ce4ca38e35d4881294e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d89d275585cbbb59bda8e874ee0f2677ffedd79ad2d8aa11b56fbb7743459a01
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2518E72A28642C6E7B4EF22E8815A973A1FF487D4F408175EA4DC7696DF3CE501C780
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1010374628-0
                                                                                                                                                                                                                                          • Opcode ID: 56fc9483a7ee5f7c3b0f0c385ec77c25c48e109e1d7b119d188e83d6dac66eb5
                                                                                                                                                                                                                                          • Instruction ID: b85656fa72fcf11d86b9db1e83159d10214512f642681cb34b9261199672c410
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56fc9483a7ee5f7c3b0f0c385ec77c25c48e109e1d7b119d188e83d6dac66eb5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2028021F2D74782FAF5AB2594016B92694EF41BE0F1486B9DD6EC77D2EE3CE4028350

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                          • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc$pyi_arch_extract2fs was called before temporary directory was initialized!
                                                                                                                                                                                                                                          • API String ID: 2030045667-3833288071
                                                                                                                                                                                                                                          • Opcode ID: bea1218080f229cfa34f42f7278fc204acd179b80b4e7937a704de77ccb1faf1
                                                                                                                                                                                                                                          • Instruction ID: e6051b3600c23c2c8aa8fde39e1d3255c31a2690069a984ed32ab83e0bce1375
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bea1218080f229cfa34f42f7278fc204acd179b80b4e7937a704de77ccb1faf1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3518961F1864286FAB09B26E8502B973A5FF45BD4F4445B1EE0CC77A6EE3CE649C700

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(0000000100000001,00007FF69756414C,00007FF697567911,?,00007FF697567D26,?,00007FF697561785), ref: 00007FF697568990
                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(?,00007FF697567D26,?,00007FF697561785), ref: 00007FF6975689A1
                                                                                                                                                                                                                                          • GetTokenInformation.KERNELBASE(?,00007FF697567D26,?,00007FF697561785), ref: 00007FF6975689C3
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00007FF697567D26,?,00007FF697561785), ref: 00007FF6975689CD
                                                                                                                                                                                                                                          • GetTokenInformation.KERNELBASE(?,00007FF697567D26,?,00007FF697561785), ref: 00007FF697568A0A
                                                                                                                                                                                                                                          • ConvertSidToStringSidW.ADVAPI32 ref: 00007FF697568A1C
                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,00007FF697567D26,?,00007FF697561785), ref: 00007FF697568A34
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,00007FF697567D26,?,00007FF697561785), ref: 00007FF697568A66
                                                                                                                                                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF697568A8D
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00007FF697567D26,?,00007FF697561785), ref: 00007FF697568A9E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                                                                          • String ID: D:(A;;FA;;;%s)$S-1-3-4
                                                                                                                                                                                                                                          • API String ID: 4998090-2855260032
                                                                                                                                                                                                                                          • Opcode ID: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                                                                                                                          • Instruction ID: 9b033b3a5615d1a73728ddbd5aebe45aa2c5cfdc1e950bc72963868ad3a3da23
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d301874694f13eee612efc427f36135b77fc192910b60788b949b6aa4b4f411
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4416231618B8682EBB09F50F4446AA7361FF847E4F541271EA6E876E5EF3CE544C740

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock$Message
                                                                                                                                                                                                                                          • String ID: Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 677216364-1384898525
                                                                                                                                                                                                                                          • Opcode ID: e07f998c53de3eaed4ef031125ba1a47cdc9cc8d965eefd14634caacf5d27d33
                                                                                                                                                                                                                                          • Instruction ID: 26dfb3ca9a216f739de76d1806817b8b96e22aacbaff8e8e10741434deddca59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e07f998c53de3eaed4ef031125ba1a47cdc9cc8d965eefd14634caacf5d27d33
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD515B72A1964286EBB4DF29E4501BC73A0EF48BC4B558175DA0CC77A9EE7CE940CB44

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                                          • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                                                                          • API String ID: 2895956056-3524285272
                                                                                                                                                                                                                                          • Opcode ID: 43f1d35e7fbf24803adac071d2ce953c020152e2d40e2e5a1956faa0815d12d1
                                                                                                                                                                                                                                          • Instruction ID: 990d2f91533c141f7c0dcdefa2d91196807d472b9270ddc85b1c8eb15b3c7449
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43f1d35e7fbf24803adac071d2ce953c020152e2d40e2e5a1956faa0815d12d1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6417531A18B8282DA709B24F4552AAB3A4FF943A0F504335E6AD87BE5EF7CD144CB40

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697563EC0: GetModuleFileNameW.KERNEL32(?,00007FF6975639EA), ref: 00007FF697563EF1
                                                                                                                                                                                                                                          • SetDllDirectoryW.KERNEL32 ref: 00007FF697563BE9
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697567B60: GetEnvironmentVariableW.KERNEL32(00007FF697563A1F), ref: 00007FF697567B9A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697567B60: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF697567BB7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                                                                          • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                                                                          • API String ID: 2344891160-3602715111
                                                                                                                                                                                                                                          • Opcode ID: 42c018fafdb9e6edbe6d1e0f8437c7826ce010b3e8aef323e665998f8f8b76d8
                                                                                                                                                                                                                                          • Instruction ID: b62b06bcf063d3039ccbda5c91710c03a8a31f133e3e29d779531cc989282f99
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42c018fafdb9e6edbe6d1e0f8437c7826ce010b3e8aef323e665998f8f8b76d8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAB16D21A2D68A81FAF5AB21D5512FD72A0FF947C4F4401B1EA4DC76A6EE2CEB05C740

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                          • String ID: 1.2.13$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                          • API String ID: 2030045667-1655038675
                                                                                                                                                                                                                                          • Opcode ID: 20f07d5497f98b98d29e47cc3211355221ae8af9de98a618917402c82fb68268
                                                                                                                                                                                                                                          • Instruction ID: 17b5a8c9c8770fba6c7371bfae5018e0044b45de810fe96ec566225e95efee25
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20f07d5497f98b98d29e47cc3211355221ae8af9de98a618917402c82fb68268
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0851E162A0868286EAB09B52E4403BE7392FF847D4F4441B1EE4DC7795EF3CE645C740

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                                                                                                                          • Instruction ID: 4bd740fd0c0ce5b09a2efe93a55a75f1757d29a2b0b213761b8e0856e3a4d4f6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be7416da91f84ed5bfdd546aa92e4ee07cb2f4e154380db95b5ab7bb0620c26f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EC1F232E0C78692EBF09B5594012BD7BA9EF81BD0F5581B1DA8E87792DF7DE8458300

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF69757D50B), ref: 00007FF69757D63C
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,00000000,00000000,00007FF69757D50B), ref: 00007FF69757D6C7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 953036326-0


                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4170891091-0


                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2780335769-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1452418845-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279662727-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2976181284-0
                                                                                                                                                                                                                                          • Opcode ID: b08d68fc7a6d73a6a6e4925e4a9dc39ae2e5fb86b78546c657aad159ae176ccc
                                                                                                                                                                                                                                          • Instruction ID: 4404752e83ebe15a5792dbc9efa309f003bed142ca1b96bad637d9acf9d681f7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b08d68fc7a6d73a6a6e4925e4a9dc39ae2e5fb86b78546c657aad159ae176ccc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E11E362B18B8181EAA08B25F4041697365EB44BF4F548375EEBD8B7D9DF3CE0518740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF697575911), ref: 00007FF697575A2F
                                                                                                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF697575911), ref: 00007FF697575A45
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1707611234-0
                                                                                                                                                                                                                                          • Opcode ID: 01955a0fff7c8d04301666730a5fae84f6474b835d1eccbedadb07c42297a861
                                                                                                                                                                                                                                          • Instruction ID: abcaa85f7e1182cced8bdfb466191e0a0820dac0c61704f80981557f545ba800
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01955a0fff7c8d04301666730a5fae84f6474b835d1eccbedadb07c42297a861
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4111A3B261C64282EBB48B10A45117EB7A0FB847F1F504275FA9EC59E8EF3CE044CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,?,?,00007FF697583392,?,?,?,00007FF6975833CF,?,?,00000000,00007FF697583895,?,?,00000000,00007FF6975837C7), ref: 00007FF69757AF22
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF697583392,?,?,?,00007FF6975833CF,?,?,00000000,00007FF697583895,?,?,00000000,00007FF6975837C7), ref: 00007FF69757AF2C
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                                          • Opcode ID: bfb090b2684f97747e4e2589e7b79ee9627266c2664004addae3296ee4c2c8e2
                                                                                                                                                                                                                                          • Instruction ID: ed95976f57d37f5995ff0f577ef3489c68ac2179f73cb8370085b942978bddde
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfb090b2684f97747e4e2589e7b79ee9627266c2664004addae3296ee4c2c8e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBE08C94F0920683FFB8ABB698460791155DF88BC2F4084F4D80EC62A2EE2C68868210
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,?,?,00007FF69757AF99,?,?,00000000,00007FF69757B04E), ref: 00007FF69757B18A
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF69757AF99,?,?,00000000,00007FF69757B04E), ref: 00007FF69757B194
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                                                          • Opcode ID: b40b4e21971f44bf7084fa7db8f9dedbad63d491ac625d0e9d3072d74158efd6
                                                                                                                                                                                                                                          • Instruction ID: 11609717d8849f857f7278628db6d9ac397eeb8e8bb9c58bf22c8d247b7b5228
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b40b4e21971f44bf7084fa7db8f9dedbad63d491ac625d0e9d3072d74158efd6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D21E421F2868251FEF49761A49427D1283EF84BE4F04C3B5DA2EC77D2EE6CE4458341
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          • Opcode ID: 6c27d5487ee8182774302d92aae2f9046d2b98e9277a8b83ca44002d61502fcf
                                                                                                                                                                                                                                          • Instruction ID: 7b89e0851d2642818a8788c6bb32dd545ff4abb1468d96bce9f13e083a78923e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c27d5487ee8182774302d92aae2f9046d2b98e9277a8b83ca44002d61502fcf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8241047291824187EAB4DB29E54127973A9EF56BC1F508271DB8EC77D1CF2DE402CB90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fread_nolock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 840049012-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,00000000,00007FF69757B9A6,?,?,?,00007FF69757AB67,?,?,00000000,00007FF69757AE02), ref: 00007FF69757F1AD
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(?,?,?,00007FF697570D24,?,?,?,00007FF697572236,?,?,?,?,?,00007FF697573829), ref: 00007FF69757DBFA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4292702814-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                                                          • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                          • API String ID: 190572456-2208601799
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                                                                          • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                                                                          • API String ID: 2446303242-1601438679
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                          • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00007FF697562A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF69756101D), ref: 00007FF697568587
                                                                                                                                                                                                                                          • FormatMessageW.KERNEL32 ref: 00007FF6975685B6
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32 ref: 00007FF69756860C
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6975629E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6975687F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69756101D), ref: 00007FF697562A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6975629E0: MessageBoxW.USER32 ref: 00007FF697562AF0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                                                                          • API String ID: 2920928814-2573406579
                                                                                                                                                                                                                                          • Opcode ID: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                          • Instruction ID: ae261f91ca437ad9415a727d806e7e2736cacf64246d20104db42a1eb8b3daa9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6472fed7a38855fe53d018715946baf175a16c93e2266fbaa2446d02f1e91665
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8214C71A18B4293FBB09B11E8446AA73A5FF983C8F840175E68DC36A5EF3CE245C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3140674995-0
                                                                                                                                                                                                                                          • Opcode ID: 2f0e84db8cb7341a902ef28a41a93ef6eb2637ed36960dc0fb1294147411c1b9
                                                                                                                                                                                                                                          • Instruction ID: 9be8ee44a3e5127cf8267c72826e97e09c8148d595c9298dc7d880a6021a76b5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f0e84db8cb7341a902ef28a41a93ef6eb2637ed36960dc0fb1294147411c1b9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E316A72618B818AEBB09F60E8403ED7365FB84784F44403ADA4E87B99EF39D248C714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1239891234-0
                                                                                                                                                                                                                                          • Opcode ID: 4ac1c30ff9e2098ff7eaac683efdfbba3e64979dbffe5e0d25534f02cf004e64
                                                                                                                                                                                                                                          • Instruction ID: 262e9dd625212059d675db1026bcac8eb038fc6d308823d5968e402dbe17f98f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ac1c30ff9e2098ff7eaac683efdfbba3e64979dbffe5e0d25534f02cf004e64
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62316232618F8186DBB0DF25E8402AE73A4FB88794F544135EA8D87B59EF3CD645CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2227656907-0
                                                                                                                                                                                                                                          • Opcode ID: e601e72e586d0b4de4a5ebf73eb2eb015632a136167348e3e84c4a74a70f75b2
                                                                                                                                                                                                                                          • Instruction ID: 292175157f22cc7d04c7665563c774b37547e27c17fc70ea398eb077af208041
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e601e72e586d0b4de4a5ebf73eb2eb015632a136167348e3e84c4a74a70f75b2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9B1E666B2869682EAF0DB26D8005FA6791FB44BE4F544176EE5E87BC5DF3CE442C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          • Opcode ID: d807bcf8cbcf5afbec6ed78c6a62c7f595d782d60191141b96be5bff8736c763
                                                                                                                                                                                                                                          • Instruction ID: 7dabb42fa1c45f3752122621388ebe7ed823fcb92fc0b012985dcc1a7dbb1c55
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d807bcf8cbcf5afbec6ed78c6a62c7f595d782d60191141b96be5bff8736c763
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CB117322B14F058AEB50CF60E8452BD33A4F718798F440E31DA6D867A4DF7CD1548380
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy_s
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1502251526-0
                                                                                                                                                                                                                                          • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                          • Instruction ID: 78a77134ef5296fa395de7810d11854d265db93a22701b7fd90b1aa93619398a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0C1C072B2968687EB748F1AA0446BAB7A1F794BC4F458135DF4A87B44DE3DEC01CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 15204871-0
                                                                                                                                                                                                                                          • Opcode ID: b4cdb5d9b405a5f2b155a4653528c407a9956d0b6218a393af626003cf1b5a24
                                                                                                                                                                                                                                          • Instruction ID: c1d944041a256e5323b4c6f16eefb64cbe9c11174c733adcb6312494b6dd1645
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4cdb5d9b405a5f2b155a4653528c407a9956d0b6218a393af626003cf1b5a24
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8BB15E73614B898BEB65DF29C8463AC77A0F784B88F158961DB5D837A4CF3AD451C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                                          • Opcode ID: 61dd1ed1e1c953fe7bf24916078f2f4a3db137be7e9bcdd6edf362509e7e8552
                                                                                                                                                                                                                                          • Instruction ID: 7ee1e673b524a6f047a8e7bfb2f36f83b6480e397f4e65e58809d759ce72aea1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61dd1ed1e1c953fe7bf24916078f2f4a3db137be7e9bcdd6edf362509e7e8552
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CF0A472A2C68587F7F08F64F4597AA7391EB447A8F004335D66D466D4EF3CE1088B00
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                                          • API String ID: 0-227171996
                                                                                                                                                                                                                                          • Opcode ID: 631a3e48eb673e1850d57232dc56befdf755ff5fd67b38a64b6ca9c49a913018
                                                                                                                                                                                                                                          • Instruction ID: a5544cb2f27127e615d9e55b76fd4c427a0aeec7b5b77924767351a2ef34aab1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 631a3e48eb673e1850d57232dc56befdf755ff5fd67b38a64b6ca9c49a913018
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EDE1B372A1868686EBF88F29C05013D33A4FF45BE8F1492B5DE4E87794DF29EA51C700
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: e+000$gfff
                                                                                                                                                                                                                                          • API String ID: 0-3030954782
                                                                                                                                                                                                                                          • Opcode ID: 95f5c728ca916dfdd01defb08dd518f9d9b28e517fc4b7b4370436378f7798ef
                                                                                                                                                                                                                                          • Instruction ID: 97e2d1a5c17b664ab3db43adfa899584ddfe00bfbb6820ba5d199a9dbfd3f6b3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95f5c728ca916dfdd01defb08dd518f9d9b28e517fc4b7b4370436378f7798ef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32515762B183C586E7B48F39A90576D7B91E744BD4F88C2B1CBA88BAC5DE3DD4458700
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: gfffffff
                                                                                                                                                                                                                                          • API String ID: 0-1523873471
                                                                                                                                                                                                                                          • Opcode ID: da57d4f04fe3a59080078ae7a8b70c1646e0beb0550e210eb96496c016bfbe06
                                                                                                                                                                                                                                          • Instruction ID: 369697e9e2ee5e506675ad5953803048563fac309fd56155184bd0b300eb3ca7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da57d4f04fe3a59080078ae7a8b70c1646e0beb0550e210eb96496c016bfbe06
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BA11163A0878A86EBB1CB2AA4407AD7B91EB51BC4F05C172DE8D87795DE3DE501C701
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: TMP
                                                                                                                                                                                                                                          • API String ID: 3215553584-3125297090
APIs
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                          • Instruction ID: 57fd355d9c60ecf79e925b12d1157b613d9b83cce4fa3f3f130df7e6f48c84a6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 544180D281D78A84E9F68B1805146B426C0EF22BE1F58E2F4DD9DD73D6DD1E65878201
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                                                                                                                          • Opcode ID: 2970ddd5f501fe71afef01217e103934546d8fb7f20af68bec1b913dc8647c23
                                                                                                                                                                                                                                          • Instruction ID: 6ab3b2d68834a621b7dac97cbb84f6fafb8c91a77748f3a34c75945dd59ccaea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2970ddd5f501fe71afef01217e103934546d8fb7f20af68bec1b913dc8647c23
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C41E1A2B14A5582FFA4CF2AD91516963A1EB48FD0F59E036EE0DC7B58DE3CD1428300
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 07f4a39e9cc2ad1441a8aa1ffea777e60b39e7c177a4820a8f2f9fbe0e0676c5
                                                                                                                                                                                                                                          • Instruction ID: 39b223c1f841e18235a8dfe5c7443bd967045627ed3116201e97889aa3fe643b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07f4a39e9cc2ad1441a8aa1ffea777e60b39e7c177a4820a8f2f9fbe0e0676c5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE318232B19B4242E7B4DB25B48117A66D5EFC4BE0F148679EA4D93BE6DF3CD4028704
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: dada551c461b21fdad657b6bac4cbdfad31b05eb9b59333086b2e0a15b162055
                                                                                                                                                                                                                                          • Instruction ID: 8107da53c99ed95fcd795ae3d3fc19dcb311c5a8e757184ba13d16db32116738
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dada551c461b21fdad657b6bac4cbdfad31b05eb9b59333086b2e0a15b162055
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37F04471B182558ADBE88F29A40262977E0E7483D0B4080BAD689C3E14DE3C90508F14
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5749315d7b24dceccc8714b5042f108a7de79c1631c17c6a95dc8ed6b888950b
                                                                                                                                                                                                                                          • Instruction ID: bd641221c54edb62df196be458c964cd11c07574c47d2eeb0ad112cd3adf8ff8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5749315d7b24dceccc8714b5042f108a7de79c1631c17c6a95dc8ed6b888950b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5A0022191CC46D1E6E48B10E8500B03335FB51380F9000B5D04DC50A1EF3FB641C350
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc
• String ID: Failed to get address for PyConfig_Clear$Failed to get address for PyConfig_InitIsolatedConfig$Failed to get address for PyConfig_Read$Failed to get address for PyConfig_SetBytesString$Failed to get address for PyConfig_SetString$Failed to get address for PyConfig_SetWideStringList$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyPreConfig_InitIsolatedConfig$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PyStatus_Exception$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetObject$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_ExitStatusException$Failed to get address for Py_Finalize$Failed to get address for Py_InitializeFromConfig$Failed to get address for Py_IsInitialized$Failed to get address for Py_PreInitialize$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message_fread_nolock
                                                                                                                                                                                                                                          • String ID: %s%c%s$Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$\$fread$fseek$malloc
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                          • String ID: P%
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: -$:$f$p$p
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: f$f$p$p$f
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message
                                                                                                                                                                                                                                          • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                          • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                          • API String ID: 849930591-393685449
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF69757F56A,?,?,0000023530526918,00007FF69757B317,?,?,?,00007FF69757B20E,?,?,?,00007FF697576452), ref: 00007FF69757F34C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF69757F56A,?,?,0000023530526918,00007FF69757B317,?,?,?,00007FF69757B20E,?,?,?,00007FF697576452), ref: 00007FF69757F358
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                          • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF69756101D), ref: 00007FF697568747
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF69756101D), ref: 00007FF69756879E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                          • API String ID: 626452242-27947307
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00007FF6975639EA), ref: 00007FF697568C31
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6975629E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6975687F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69756101D), ref: 00007FF697562A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6975629E0: MessageBoxW.USER32 ref: 00007FF697562AF0
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00007FF6975639EA), ref: 00007FF697568CA5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                          • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                                                                          • API String ID: 3723044601-27947307
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo$_fread_nolock
                                                                                                                                                                                                                                          • String ID: %s%c%s$ERROR: file already exists but should not: %s$PYINSTALLER_STRICT_UNPACK_MODE$WARNING: file already exists but should not: %s$\
                                                                                                                                                                                                                                          • API String ID: 3231891352-3501660386
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF69756E06A,?,?,?,00007FF69756DD5C,?,?,00000001,00007FF69756D979), ref: 00007FF69756DE3D
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF69756E06A,?,?,?,00007FF69756DD5C,?,?,00000001,00007FF69756D979), ref: 00007FF69756DE4B
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,?,?,00007FF69756E06A,?,?,?,00007FF69756DD5C,?,?,00000001,00007FF69756D979), ref: 00007FF69756DE75
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,00007FF69756E06A,?,?,?,00007FF69756DD5C,?,?,00000001,00007FF69756D979), ref: 00007FF69756DEBB
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,?,?,00007FF69756E06A,?,?,?,00007FF69756DD5C,?,?,00000001,00007FF69756D979), ref: 00007FF69756DEC7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                          • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697568AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF697562ABB), ref: 00007FF697568B1A
                                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6975679A1,00000000,?,00000000,00000000,?,00007FF69756154F), ref: 00007FF69756747F
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697562B30: MessageBoxW.USER32 ref: 00007FF697562C05
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6975674DA
                                                                                                                                                                                                                                          • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF697567456
                                                                                                                                                                                                                                          • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF697567493
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                          • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                                                                          • API String ID: 1662231829-3498232454
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF697562ABB), ref: 00007FF697568B1A
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6975629E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6975687F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69756101D), ref: 00007FF697562A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6975629E0: MessageBoxW.USER32 ref: 00007FF697562AF0
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF697562ABB), ref: 00007FF697568BA0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                                                                          • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                                                                          • API String ID: 3723044601-876015163
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                          • String ID: CONOUT$
                                                                                                                                                                                                                                          • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                          • Opcode ID: 47774de373198f8681994077b4026dd9a590ed4534763da2009e0dd4878e84a9
                                                                                                                                                                                                                                          • Instruction ID: efa7a64953d5177894573adfe9b638fa3e5c76dc6b4d9e41eba170ada82f27bb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47774de373198f8681994077b4026dd9a590ed4534763da2009e0dd4878e84a9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D511D321B28B8287E7A08B02F85476973A4FB98FE0F404274DA1DC77A4DF3CE8448744
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00007FF6975754CD,?,?,?,?,00007FF69757F1BF,?,?,00000000,00007FF69757B9A6,?,?,?), ref: 00007FF69757B897
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6975754CD,?,?,?,?,00007FF69757F1BF,?,?,00000000,00007FF69757B9A6,?,?,?), ref: 00007FF69757B8CD
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6975754CD,?,?,?,?,00007FF69757F1BF,?,?,00000000,00007FF69757B9A6,?,?,?), ref: 00007FF69757B8FA
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6975754CD,?,?,?,?,00007FF69757F1BF,?,?,00000000,00007FF69757B9A6,?,?,?), ref: 00007FF69757B90B
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF6975754CD,?,?,?,?,00007FF69757F1BF,?,?,00000000,00007FF69757B9A6,?,?,?), ref: 00007FF69757B91C
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(?,?,?,00007FF6975754CD,?,?,?,?,00007FF69757F1BF,?,?,00000000,00007FF69757B9A6,?,?,?), ref: 00007FF69757B937
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2506987500-0
                                                                                                                                                                                                                                          • Opcode ID: 8f76d250fbe0b5259abb4dbde422c74cf40887be6a771761d1db9f63c6a56687
                                                                                                                                                                                                                                          • Instruction ID: 917ebf9e31033e59c10f8fc7e504ab8718f1f5abbac6b77c6c2089649810a945
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f76d250fbe0b5259abb4dbde422c74cf40887be6a771761d1db9f63c6a56687
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04112C61F0D64282FAF4A731965567E6252DF49BF0F94C7B4E83EC77D6EE2CA4024600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm$f
                                                                                                                                                                                                                                          • API String ID: 2395640692-629598281
                                                                                                                                                                                                                                          • Opcode ID: c8f7f253a213423ff5db8842e39d1181b4fa0cc0edf0f0e27fe70a45a9ca17df
                                                                                                                                                                                                                                          • Instruction ID: cc79e2c714fa9e3e8c835ad369aa8371d7514ae8702b44cf3988efe63c9fd112
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8f7f253a213423ff5db8842e39d1181b4fa0cc0edf0f0e27fe70a45a9ca17df
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7951A332A197028AEFB4DB15E404A393795FB54BD4F548974DA5E87748EF38EA41C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                          • String ID: Unhandled exception in script
                                                                                                                                                                                                                                          • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                          • Opcode ID: ef2f79dabe8b940bf64869f24e404b0ac86445532df2e67e8084f44f9f65f5c2
                                                                                                                                                                                                                                          • Instruction ID: 59ce9f0b69b7aec7aab84b7b65d00d01584caa21b4316643b35d7689a0a40b39
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef2f79dabe8b940bf64869f24e404b0ac86445532df2e67e8084f44f9f65f5c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80315D72A19A8289EB60DB61E8551F97360FF887C4F404175EA4D8BB69DF3CD205C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6975687F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69756101D), ref: 00007FF697562A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697568560: GetLastError.KERNEL32(00000000,00007FF697562A5E,?,?,?,?,?,?,?,?,?,?,?,00007FF69756101D), ref: 00007FF697568587
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697568560: FormatMessageW.KERNEL32 ref: 00007FF6975685B6
                                                                                                                                                                                                                                            • Part of subcall function 00007FF697568AE0: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF697562ABB), ref: 00007FF697568B1A
                                                                                                                                                                                                                                          • MessageBoxW.USER32 ref: 00007FF697562AF0
                                                                                                                                                                                                                                          • MessageBoxA.USER32 ref: 00007FF697562B0C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                                                                          • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                          • API String ID: 2806210788-2410924014
                                                                                                                                                                                                                                          • Opcode ID: c01ac0bbfceecfac493be67ae1d6a2211250b6a817a0c50f994bc812b65e1c92
                                                                                                                                                                                                                                          • Instruction ID: 938240d078ab4ad27ceeff01ef190eabb72bf2f98d58832ad274e42db6274bd6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c01ac0bbfceecfac493be67ae1d6a2211250b6a817a0c50f994bc812b65e1c92
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04319272628A8292E770DB10E4516EA7364FF847C4F804036EA8D83A99DF3CD745CB40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _set_statfp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1156100317-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FlsGetValue.KERNEL32(?,?,?,00007FF69757AB67,?,?,00000000,00007FF69757AE02,?,?,?,?,?,00007FF6975730CC), ref: 00007FF69757B96F
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF69757AB67,?,?,00000000,00007FF69757AE02,?,?,?,?,?,00007FF6975730CC), ref: 00007FF69757B98E
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF69757AB67,?,?,00000000,00007FF69757AE02,?,?,?,?,?,00007FF6975730CC), ref: 00007FF69757B9B6
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF69757AB67,?,?,00000000,00007FF69757AE02,?,?,?,?,?,00007FF6975730CC), ref: 00007FF69757B9C7
                                                                                                                                                                                                                                          • FlsSetValue.KERNEL32(?,?,?,00007FF69757AB67,?,?,00000000,00007FF69757AE02,?,?,?,?,?,00007FF6975730CC), ref: 00007FF69757B9D8
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Value
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3702945584-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: verbose
                                                                                                                                                                                                                                          • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                          • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                          • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                          • Opcode ID: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                                                                                                                          • Instruction ID: ffe216bb6d62f2e751fe7b8834d8b6f6689832acafe48479e880667f79b8a77f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37ce56c1d967fba8f41503b71a699ba51a6fbc199d8f022e66d4a2d7a57293db
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4616973A08B858AE7609F65D4803AD77A0FB48BD8F044265EF4D57B99DF38E285C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm$csm
                                                                                                                                                                                                                                          • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                          • Opcode ID: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                                                                                                                          • Instruction ID: aee5c9c078cdb319f345b20dee4e972df44ed04d7a626c9ed48e6c87a1437c58
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80d5d2ed719ea387a00afc8e5c38e85421d4b0de11d669121429011e6c75d481
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F519232D0828286EBB48F15954436877A0FB65BD4F1481B5DA9DC7BD9CF3CEA51CB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                          • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                                                                          • API String ID: 1878133881-2410924014
                                                                                                                                                                                                                                          • Opcode ID: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                          • Instruction ID: cddbf1a89731196ee54037271f6b3c89bafc09f561cd15b654d2712c3b0a81a9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8e3c511841a02337865787422672dc7088828a74b651abb3bad42d47e8d3758
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F319772638A8282E670EB10E4516EA7364FFC47C4F804176EA8D87A99DF3CD705CB40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,00007FF6975639EA), ref: 00007FF697563EF1
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6975629E0: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF6975687F2,?,?,?,?,?,?,?,?,?,?,?,00007FF69756101D), ref: 00007FF697562A14
                                                                                                                                                                                                                                            • Part of subcall function 00007FF6975629E0: MessageBoxW.USER32 ref: 00007FF697562AF0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                                                                          • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                                                                          • API String ID: 2581892565-1977442011
                                                                                                                                                                                                                                          • Opcode ID: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                          • Instruction ID: fa50c3e0655d81f366f44e6b749b924456dac40fd9b8a5c20b0e2d8b5f9233df
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 227eff0bc0a0d80c8f8e7ebb06cca3199172163df290dc8daf9e61b6ec9130a6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4014F61B2D64791FEF0A720E8563B963A1EF5C7C8F8004B2E84DC6696EE1CE346C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2718003287-0
                                                                                                                                                                                                                                          • Opcode ID: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                          • Instruction ID: 61c44c649334c7f850bd4932ecb9cfcfb4f7b84bd6bb9b997f8b2a8bac6caec6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9513e67bca3e1584d4e6c680d6c879e0cc2bad3dff94493eb0c92e1d92f8606a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4ED1EF72B18A818AE761CF75D4402AC37B9FB44BD8F148276DE5E97B99DE38E406C300
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1956198572-0
                                                                                                                                                                                                                                          • Opcode ID: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                          • Instruction ID: ce98b0646e53935168f8df940fddf6c203d60d93f8f5e38e2df24d649893164d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecac84c754e5eddc26d74cef75c58701df5fcac281216c238072f9f7c8686c02
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B711A921F1814A42F6E49769F5442B96295EF84BC0F448070DA4986B9EDE2CD5C18600
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: ?
                                                                                                                                                                                                                                          • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                          • Opcode ID: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                          • Instruction ID: a3516467ea5c76deb9d5666e133789fa65902acfa624e0a586d3949fa404d5de
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17ef38b8e319b62c4683ba5c2bd00e0c19603a4e78082bfdfdcdf9d98f8fed33
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9641F512A2828683FBB49B25E4453BA66A0EF80BE4F144275EE9C87BD6DE3CD441C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6975795D6
                                                                                                                                                                                                                                            • Part of subcall function 00007FF69757AF0C: RtlFreeHeap.NTDLL(?,?,?,00007FF697583392,?,?,?,00007FF6975833CF,?,?,00000000,00007FF697583895,?,?,00000000,00007FF6975837C7), ref: 00007FF69757AF22
                                                                                                                                                                                                                                            • Part of subcall function 00007FF69757AF0C: GetLastError.KERNEL32(?,?,?,00007FF697583392,?,?,?,00007FF6975833CF,?,?,00000000,00007FF697583895,?,?,00000000,00007FF6975837C7), ref: 00007FF69757AF2C
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF69756BFE5), ref: 00007FF6975795F4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\L5OMdZqWzq.exe
                                                                                                                                                                                                                                          • API String ID: 3580290477-3581382806
                                                                                                                                                                                                                                          • Opcode ID: 72bea691884ec75b0bcc04dadd89fc5e2ba2839e886db2c4c4036b89f533388c
                                                                                                                                                                                                                                          • Instruction ID: bf0afeb1ef73be29ad782003b3dcb8a6ab702907a5a37b828746456cfe8a98c3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72bea691884ec75b0bcc04dadd89fc5e2ba2839e886db2c4c4036b89f533388c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB419076A18B5286EBB8EF25D4410BD37A4EF847D4F548076E94E87B89DF3CE4818310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                          • String ID: U
                                                                                                                                                                                                                                          • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                          • Opcode ID: c155d3c2efe6fcc9017d536d5590e74356888db1e245345eaaebbd58f2ba0871
                                                                                                                                                                                                                                          • Instruction ID: 6a76164fa055e915dfdbe6343a278cb87fc5b5fbb28f5412e1dd683d905730ae
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c155d3c2efe6fcc9017d536d5590e74356888db1e245345eaaebbd58f2ba0871
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9741BF62A28B8586EBA08F25E8447A977A0FB987D4F908031EE4DC7798EF3CD541C750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                          • Opcode ID: 37476e9fe501e7f44791a553affc3ffa80e4bc938821bb0c9fc6a7376d994417
                                                                                                                                                                                                                                          • Instruction ID: a41dcaea46d908590c567e986179a260cf469d1a0d177ce278615266567bafe9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37476e9fe501e7f44791a553affc3ffa80e4bc938821bb0c9fc6a7376d994417
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E521E162A1868182EBB0DB15D44537D73B2FB84BC8F518076DA9D832C4EF7CEA46C741
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                          • String ID: Error detected
                                                                                                                                                                                                                                          • API String ID: 1878133881-3513342764
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                                          • String ID: Fatal error detected
                                                                                                                                                                                                                                          • API String ID: 1878133881-4025702859
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.2716581410.00007FF697561000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF697560000, based on PE: true
• Associated: 00000000.00000002.2716561888.00007FF697560000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716618309.00007FF69758B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF69759E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716643744.00007FF6975A0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2716686504.00007FF6975A2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_7ff697560000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                          • String ID: :
                                                                                                                                                                                                                                          • API String ID: 2595371189-336475711

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:0.1%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:44.6%
                                                                                                                                                                                                                                          Total number of Nodes:148
                                                                                                                                                                                                                                          Total number of Limit Nodes:7

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2720796395.00007FFBAA0C1000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFBAA0C0000, based on PE: true
• Associated: 00000002.00000002.2720768727.00007FFBAA0C0000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720814752.00007FFBAA0CB000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720831769.00007FFBAA0D0000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720847060.00007FFBAA0D1000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa0c0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Module_$Constant$Err_$Exception$Eval_ObjectThread$Create2CriticalDeallocFilenameFromInfoInitializeLibraryLoadRestoreSaveSectionStateSystemVersionWindowsWithgetenv
                                                                                                                                                                                                                                          • String ID: ABOVE_NORMAL_PRIORITY_CLASS$BELOW_NORMAL_PRIORITY_CLASS$ERROR_ACCESS_DENIED$ERROR_INVALID_NAME$ERROR_PRIVILEGE_NOT_HELD$ERROR_SERVICE_DOES_NOT_EXIST$HIGH_PRIORITY_CLASS$IDLE_PRIORITY_CLASS$INFINITE$MIB_TCP_STATE_CLOSED$MIB_TCP_STATE_CLOSE_WAIT$MIB_TCP_STATE_CLOSING$MIB_TCP_STATE_DELETE_TCB$MIB_TCP_STATE_ESTAB$MIB_TCP_STATE_FIN_WAIT1$MIB_TCP_STATE_FIN_WAIT2$MIB_TCP_STATE_LAST_ACK$MIB_TCP_STATE_LISTEN$MIB_TCP_STATE_SYN_RCVD$MIB_TCP_STATE_SYN_SENT$MIB_TCP_STATE_TIME_WAIT$NORMAL_PRIORITY_CLASS$PSUTIL_CONN_NONE$PSUTIL_DEBUG$REALTIME_PRIORITY_CLASS$TimeoutAbandoned$TimeoutExpired$WINDOWS_10$WINDOWS_7$WINDOWS_8$WINDOWS_8_1$WINDOWS_VISTA$WINVER$_psutil_windows.Error$_psutil_windows.TimeoutAbandoned$_psutil_windows.TimeoutExpired$version
                                                                                                                                                                                                                                          • API String ID: 887074641-2468274236

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2720796395.00007FFBAA0C1000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFBAA0C0000, based on PE: true
• Associated: 00000002.00000002.2720768727.00007FFBAA0C0000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720814752.00007FFBAA0CB000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720831769.00007FFBAA0D0000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720847060.00007FFBAA0D1000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa0c0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocErr_FromList_Windowsfree
                                                                                                                                                                                                                                          • String ID: (ddddd)$GetActiveProcessorCount() not available; using GetSystemInfo()$GetSystemInfo() failed to retrieve CPU count$NtQuerySystemInformation(SystemProcessorPerformanceInformation)$psutil-debug [%s:%d]> $psutil/arch/windows\cpu.c
                                                                                                                                                                                                                                          • API String ID: 2064544276-4027580629

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2720796395.00007FFBAA0C1000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFBAA0C0000, based on PE: true
• Associated: 00000002.00000002.2720768727.00007FFBAA0C0000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720814752.00007FFBAA0CB000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720831769.00007FFBAA0D0000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720847060.00007FFBAA0D1000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa0c0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$Err_Process__acrt_iob_funcfprintf$FilenameFromOpenTokenWindowsWith$CurrentImpersonateSelfWarn
                                                                                                                                                                                                                                          • String ID: (originated from %s)$AdjustTokenPrivileges$ImpersonateSelf$LookupPrivilegeValue$OpenProcessToken$SeDebugPrivilege
                                                                                                                                                                                                                                          • API String ID: 2544101647-3705996988

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2720796395.00007FFBAA0C1000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFBAA0C0000, based on PE: true
• Associated: 00000002.00000002.2720768727.00007FFBAA0C0000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720814752.00007FFBAA0CB000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720831769.00007FFBAA0D0000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720847060.00007FFBAA0D1000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa0c0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_FilenameFromWindowsWith$AddressEval_LibraryProcThread$FreeHandleLoadModuleRestoreSave
                                                                                                                                                                                                                                          • String ID: GetActiveProcessorCount$GetExtendedTcpTable$GetExtendedUdpTable$GetLogicalProcessorInformationEx$GetTickCount64$NtQueryInformationProcess$NtQueryObject$NtQuerySystemInformation$NtQueryVirtualMemory$NtResumeProcess$NtSetInformationProcess$NtSuspendProcess$RtlGetVersion$RtlIpv4AddressToStringA$RtlIpv6AddressToStringA$RtlNtStatusToDosErrorNoTeb$WTSEnumerateSessionsW$WTSFreeMemory$WTSQuerySessionInformationW$iphlpapi.dll$kernel32$ntdll$ntdll.dll$wtsapi32.dll
                                                                                                                                                                                                                                          • API String ID: 3787047288-761253638

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2720796395.00007FFBAA0C1000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFBAA0C0000, based on PE: true
• Associated: 00000002.00000002.2720768727.00007FFBAA0C0000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720814752.00007FFBAA0CB000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720831769.00007FFBAA0D0000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720847060.00007FFBAA0D1000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa0c0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Eval_FilenameFromLibraryThreadWindowsWith$AddressFreeLoadProcRestoreSave
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 568911590-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2720796395.00007FFBAA0C1000.00000020.00000001.01000000.00000033.sdmp, Offset: 00007FFBAA0C0000, based on PE: true
• Associated: 00000002.00000002.2720768727.00007FFBAA0C0000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720814752.00007FFBAA0CB000.00000002.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720831769.00007FFBAA0D0000.00000004.00000001.01000000.00000033.sdmp
• Associated: 00000002.00000002.2720847060.00007FFBAA0D1000.00000002.00000001.01000000.00000033.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa0c0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BuildErr_FromSystemTimesValueWindows
                                                                                                                                                                                                                                          • String ID: (ddd)
                                                                                                                                                                                                                                          • API String ID: 2325294781-2401937087

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722353498.00007FFBAA241000.00000020.00000001.01000000.0000001C.sdmp, Offset: 00007FFBAA240000, based on PE: true
• Associated: 00000002.00000002.2722295611.00007FFBAA240000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2722487174.00007FFBAA36C000.00000002.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2722570678.00007FFBAA39A000.00000004.00000001.01000000.0000001C.sdmp
• Associated: 00000002.00000002.2722590871.00007FFBAA39F000.00000002.00000001.01000000.0000001C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa240000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 31276548-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_CryptError@@Keywords_ParamParseProvSizeTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: Algid$BitLen$CryptGetProvParam$CryptGetProvParam: Unable to allocate %d bytes$DefaultLen$LongName$MaxLen$MinLen$Name$Protocols$The provider parameter specified is not yet implemented$k|k:CryptGetProvParam${s:I,s:k,s:N}${s:I,s:k,s:k,s:k,s:k,s:N,s:N}
                                                                                                                                                                                                                                          • API String ID: 3402344487-1526417634
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ReferenceThreadfree$CertErr_$BufferBuildCertificateContextCryptDecodeError@@FreeMessageOccurredRestoreSaveU_object@@ValueView@@Win_$Arg_Bytes_CloseFromKeywordsMemoryParseSizeStoreStringTupleU_object@@_malloc
                                                                                                                                                                                                                                          • String ID: CryptDecodeMessage$Decoded$InnerContentType$MsgType$OO|Okkkl:CryptDecodeMessage$SignerCert$XchgCert${s:k,s:k,s:N,s:N,s:N}${s:k,s:k,s:O,s:N,s:N}
                                                                                                                                                                                                                                          • API String ID: 4057531286-845939780
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$CertCertificateContextErr_U_object@@free$BufferCryptDeallocEncryptError@@FreeMessageRestoreSaveView@@Win_malloc$Arg_DuplicateFormatKeywordsMemoryParseSequence_StringTupleTuple@@U_object@@_memset
                                                                                                                                                                                                                                          • String ID: CryptEncryptMessage$CryptEncryptMessage: Unable to allocate %d bytes$OOO:CryptEncryptMessage$Object must be of type PyCERT_CONTEXT$The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 512897165-3430610400
                                                                                                                                                                                                                                          • Opcode ID: 529fe1ca38a6c0d506bb8ae2216e6dc18d2c8dfab7fcf6eccc285540f5b0a2be
                                                                                                                                                                                                                                          • Instruction ID: 623b094f42760da2d3dcd1dcfbebc96cc33e718f75023f64a2037cf59583665a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 529fe1ca38a6c0d506bb8ae2216e6dc18d2c8dfab7fcf6eccc285540f5b0a2be
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EA14F79B0AB42C6E712AF71E45057D37A9BB94B88B140172DD0E53B58DF3CE46AD320
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Err_$Format$strcmp$Eval_StringThread$Arg_Bytes_ClearCryptEncodeError@@FreeKeywordsLocalLong_ObjectOccurredParseRestoreSaveTupleU_object@@VoidWin_freemalloc
• String ID: %d is an invalid value for object identifier$2.5.29.15$2.5.29.37$CryptDecodeObjectEx$CryptEncodeObjectEx: Type %d is not yet supported$CryptEncodeObjectEx: Type %s is not yet supported$EncodePara not yet supported$OO|kkO:CryptEncodeObjectEx$Unable to allocate %d bytes
• API String ID: 3441675147-238870163
• Opcode ID: c7ffe5899ebcaf9878d4f7cc2bd2bb8ef3adad906e030075b678c1cdf3a73c12
• Instruction ID: 69a1d6d100d95d7c3ee1d27261d7e78d6b98c6ad29d3cc2e1e30208d6a3fe501
• Opcode Fuzzy Hash: c7ffe5899ebcaf9878d4f7cc2bd2bb8ef3adad906e030075b678c1cdf3a73c12
• Instruction Fuzzy Hash: 648120B5A0AB02C5EA56AB31E45457967A9BF44BC0F4500B2CD4D07768EF3CE86BE720
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: BufferErr_Eval_ThreadView@@$Arg_BuildCryptError@@KeywordsMessageOccurredParseRestoreSaveSignatureStringTupleU_object@@U_object@@_ValueVerifyWin_free
• String ID: CryptVerifyMessageSignature$Decoded$O|kOl:CryptVerifyMessageSignature$SignerCert${s:N, s:N}${s:N, s:O}
• API String ID: 1769599431-3278881437
• Opcode ID: d7504339392ae67a4c528163a47179dbc2da1b7d1d0aebebeb9b463705b4a410
• Instruction ID: 955c1e20e755ec4483d1e0eb00b8b626a30dd16ecf5082ec0ecca161cb844f17
• Opcode Fuzzy Hash: d7504339392ae67a4c528163a47179dbc2da1b7d1d0aebebeb9b463705b4a410
• Instruction Fuzzy Hash: 3A912BB5A0AB42C5E712AF71E4506AD33A9FB44B88B040176DE0D53B5CDF3CE56AD360
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Err_$BufferEval_StringThreadView@@free$Arg_CertCloseCryptDecryptError@@KeywordsMemoryMessageParseRestoreSaveSignatureStoreTupleU_object@@U_object@@_VerifyWin_malloc
• String ID: CryptDecryptAndVerifyMessageSignature$Decrypted$OO|Ok:CryptDecryptAndVerifyMessageSignature$SignerCert$XchgCert${s:N,s:N,s:N}
• API String ID: 1292940556-2987117642
• Opcode ID: 5dc36eb81c97b1bb1a6b1c11db8528a42ea9ea6bb171914f17a4f5a012f741ed
• Instruction ID: 102bbbe2224cef66a58b21620cb0d80e915f48ac452b92ae29bc793ce7838161
• Opcode Fuzzy Hash: 5dc36eb81c97b1bb1a6b1c11db8528a42ea9ea6bb171914f17a4f5a012f741ed
• Instruction Fuzzy Hash: 56A16072A1AB42C6EB12AF71E85056977A8FB88788F440176DE4D03B1CDF3CE46AD710
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: AddressProc$CriticalSection$AllocDeleteFreeHandleInitializeLibraryLoadModule
• String ID: AddAccessAllowedAce$AddAccessAllowedAceEx$AddAccessAllowedObjectAce$AddAccessDeniedAce$AddAccessDeniedAceEx$AddAccessDeniedObjectAce$AddAuditAccessAceEx$AddAuditAccessObjectAce$AddMandatoryAce$AdvAPI32.dll$SetSecurityDescriptorControl
• API String ID: 3842108915-2689366622
• Opcode ID: 00abef228cb45286ba7f1125ddbe3760151564b421905c27eb664f72b636958c
• Instruction ID: a719a1a0ed2864f7ade56be616e62cc900d68838fef9f4c5d8f41ab66d28b62e
• Opcode Fuzzy Hash: 00abef228cb45286ba7f1125ddbe3760151564b421905c27eb664f72b636958c
• Instruction Fuzzy Hash: 05519CA5A0EB42E5FE879F25FC5417833A8AF45781B4500B6CD4F52364EF2CE89A9320
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Err_$Eval_FormatThread$U_object@@$BufferCryptError@@ObjectRestoreSaveStringView@@Win_$Arg_Bytes_ClearFromKeywordsLong_Object_OccurredParseTupleU_object@@_Voidfreemalloc
• String ID: %d is an invalid value for object identifier$CryptFormatObject$FormatStruct must be None$OO|kkkO:CryptFormatObject$Unable to allocate %d bytes
• API String ID: 1738280576-2598896384
• Opcode ID: 749afef5a0e22891906243e654e2439f1e3b7d6c6e9efd824715a5c57ec99ec4
• Instruction ID: 3ba9cdb436138523ac28a5ad7fcf7e2f7f0a42230da11181a68946dc67d75bba
• Opcode Fuzzy Hash: 749afef5a0e22891906243e654e2439f1e3b7d6c6e9efd824715a5c57ec99ec4
• Instruction Fuzzy Hash: 70710875B0AB42C6E711EF61E8505AD37A8FB48B84B440176DE4E13B68DF3CE42AD750
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Eval_Thread$CryptEnumProviderRestoreSaveTypes$DeallocList_$AppendBuildErr_ErrorError@@LastOccurredU_object@@ValueWin_freemalloc
• String ID: CryptEnumProviderTypes$Unable to allocate %d bytes
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Eval_Thread$CryptEnumProvidersRestoreSave$DeallocList_$AppendBuildErr_ErrorError@@LastOccurredU_object@@ValueWin_freemalloc
• String ID: CryptEnumProviders$CryptEnumProviders: Unable to allocate %d bytes
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: BufferEval_ThreadU_object@@View@@$?init@Arg_CryptErr_Error@@FormatFreeKeywordsMem_ObjectObject_ParseQueryRestoreSaveTupleU_object@@_Win_
• String ID: CertStore$ContentType$Context$CryptQueryObject$FormatType$Invalid input type specified: %d$Msg$MsgAndCertEncodingType$kO|kkk:CryptQueryObject${s:k,s:k,s:k,s:N,s:N,s:N}
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Size$Arg_Err_ParseTuple_$Sequence_malloc$ClearReferenceString$AllocateCheckCopyDeallocInitializeLengthTuplememset
• String ID: (bbbbbb)O:SID$AllocateAndInitializeSid$SID buffer size beyond INT_MAX$s#:SID$sub authorities must be a sequence of integers.$sub authorities sequence size must be <= 8$|llllllll:SID$|n:SID
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: free$BufferCertCertificateContextEval_FreeThreadView@@$Arg_CryptEncryptError@@KeywordsMessageParseRestoreSaveSignTupleU_object@@U_object@@_Win_
• String ID: CryptSignAndEncryptMessage$CryptSignAndEncryptMessage: Unable to allocate %d bytes$OOOO:CryptSignAndEncryptMessage
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: BufferErr_Eval_ThreadView@@$Arg_CertCloseCryptDecryptError@@KeywordsMemoryMessageParseRestoreSaveStoreStringTupleU_object@@U_object@@_Win_freemalloc
• String ID: CryptDecryptMessage$OO:CryptDecryptMessage
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: BufferView@@$Free$Object_$Eval_FromLocalStringThreadU_object@@U_object@@_$Arg_BuildBytes_CryptDataErr_Error@@KeywordsParseRestoreSaveSizeTupleUnprotectValueWin_
• String ID: CryptUnprotectData$O|OOOk:CryptUnprotectData$Reserved must be None
Similarity
• API ID: free$Err_$Eval_FormatThreadU_object@@malloc$Arg_CertCertificateContextCryptDeallocError@@FreeKeywordsMessageParseRestoreSaveSequence_SignStringTupleTuple@@Win_
• String ID: CryptSignMessage$CryptSignMessage: Unable to allocate %d bytes$OO|l:CryptSignMessage
Similarity
• API ID: BufferView@@$Free$Eval_Object_StringThreadU_object@@U_object@@_$Arg_Bytes_CryptDataErr_Error@@FromKeywordsLocalMem_ParseProtectRestoreSaveSizeTupleWin_
• String ID: CryptProtectData$O|OOOOk:CryptProtectData$Reserved must be None
Similarity
• API ID: Eval_Thread$StringU_object@@$BinaryCryptError@@RestoreSaveWin_$Arg_Bytes_DeallocFreeFromKeywordsMem_Object_ParseSizeTuple
• String ID: CryptStringToBinary$Nkk$Ok:CryptStringToBinary
Similarity
• API ID: BufferView@@$Arg_KeywordsParseTupleU_object@@_
• String ID: CryptBinaryToString$Ok:CryptBinaryToString
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$Arg_Eval_ParseThreadTupleU_object@@$Bytes_CryptError@@FindInfoKeywordsLongLong_Object_OccurredRestoreSaveWin_
                                                                                                                                                                                                                                          • String ID: CryptFindOIDInfo$Key must be a tuple of 2 ints when KeyType is CRYPT_OID_INFO_SIGN_KEY$Unrecognized key type$kO|k
                                                                                                                                                                                                                                          • API String ID: 167753082-3539979041
                                                                                                                                                                                                                                          • Opcode ID: 4ac0c776bfce34d46c55ff558e4fd961344c98023f07967c6bb72fbcfcfd0e98
                                                                                                                                                                                                                                          • Instruction ID: 7b111f2d7142b664fcd328cd378c71c1267e909c819fc45241104530be7c7d5d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4ac0c776bfce34d46c55ff558e4fd961344c98023f07967c6bb72fbcfcfd0e98
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B64160B1A09B42C1DA12AF75E85457977A8FF84790F9404B2DE4E83A2CDF3CD46AD720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CryptDefaultError@@KeywordsParseProviderRestoreSaveTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CryptGetDefaultProvider$Unable to allocate %d bytes$kk:CryptGetDefaultProvider
                                                                                                                                                                                                                                          • API String ID: 960520114-920100490
                                                                                                                                                                                                                                          • Opcode ID: ea048576e0ae08f73b6ce26d33c556002786b145b511da3130cae96d0308b680
                                                                                                                                                                                                                                          • Instruction ID: 7bda8c28e42358248a0b9c9a9e7aa184389e235b735e87d4a8d73891461cb84b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea048576e0ae08f73b6ce26d33c556002786b145b511da3130cae96d0308b680
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C14144B1A0A741C6DB119F62F45446973A9FB88B90F440076EE4E03B18DF3CE56ADB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferCryptEncryptErr_Error@@StringU_object@@View@@Win_$Arg_Bytes_FromKeywordsMemoryParseSizeTupleU_object@@_freemalloc
                                                                                                                                                                                                                                          • String ID: CryptEncrypt$Object must be of type PyCRYPTHASH$lO|Ok:CryptEncrypt
                                                                                                                                                                                                                                          • API String ID: 3967936622-1354874914
                                                                                                                                                                                                                                          • Opcode ID: 854fd57fe716cf2d13cd7abff4e5fec7fc8d73fc4a7012ce57dd9f181feafd57
                                                                                                                                                                                                                                          • Instruction ID: 0ad3996a940f734d57486e84cb143237c83dd850980ec3ebf0f76e0d5b187592
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 854fd57fe716cf2d13cd7abff4e5fec7fc8d73fc4a7012ce57dd9f181feafd57
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB512DB6B0AB41CAE711DF31E4506A977A8FB48788F404172DE0E43B68DE38E56AD710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_CryptError@@HashKeywordsParamParseTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: Hash parameter %d is not yet supported$PyCRYPTHASH::CryptGetHashParam$Unable to allocate %d bytes$k|k:CryptGetHashParam
                                                                                                                                                                                                                                          • API String ID: 4230166517-3481413517
                                                                                                                                                                                                                                          • Opcode ID: d0c78ebc272004516930a7ac71e361bfe457a31bc7ec92ddcd7bd6e59b53b5b0
                                                                                                                                                                                                                                          • Instruction ID: 5e5fa5086fb758f9d1b070792242f98df4e4f366b923e1c3a4fe760adb047689
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d0c78ebc272004516930a7ac71e361bfe457a31bc7ec92ddcd7bd6e59b53b5b0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6415EB1A19742C2EB42DF26F8504697765FB84B84F440072DE4E43B2CDE3CE56ADB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_CryptErr_ErrorError@@FormatHashKeywordsLastParseSignTupleU_object@@Win_malloc
                                                                                                                                                                                                                                          • String ID: CryptSignHash$PyCRYPTHASH::CryptSignHash$PyCRYPTHASH::CryptSignHash: Unable to allocate %d bytes$k|k:CryptSignHash
                                                                                                                                                                                                                                          • API String ID: 588145746-3674555972
                                                                                                                                                                                                                                          • Opcode ID: b1d4c329dbc87bcf6ffac54c0c34b34e264585350001b4afdcae90c0980beef0
                                                                                                                                                                                                                                          • Instruction ID: 7699bf97b27e719bbd8a9663e38032f1aa5c874e18fc99abc2251ee3421f211d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1d4c329dbc87bcf6ffac54c0c34b34e264585350001b4afdcae90c0980beef0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E314F71A09742C2D7519F21F85082AB7A9FB88B94F440172ED4E43B2CDF7CE45ADB50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurityfree$DaclErr_String$Arg_GroupLengthOwnerParseTupleValid
                                                                                                                                                                                                                                          • String ID: SetSecurityDescriptorDacl$The object is not a PyACL object$iOi:SetSecurityDescriptorDacl
                                                                                                                                                                                                                                          • API String ID: 1359849467-4100764314
                                                                                                                                                                                                                                          • Opcode ID: 3e808ce79b7076bcc899e60ba21c05a75609f6a86dc757a742ffb64fe4bf2a7a
                                                                                                                                                                                                                                          • Instruction ID: 14adf7fd44f403ad0354ec84172c013d1ea34faa0a6b621ffafe4f1ca4258d0b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e808ce79b7076bcc899e60ba21c05a75609f6a86dc757a742ffb64fe4bf2a7a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C514BA6B0AA42E5FB679F71DC401BC23A8BF46B84B445472DD1D57A54EE3CE84BC320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CryptErr_Error@@ExportStringU_object@@Win_$Arg_Bytes_FormatFromKeywordsParseSizeTuplefreemalloc
                                                                                                                                                                                                                                          • String ID: CryptExportKey$Object must be of type PyCRYPTKEY$Ok|k:CryptExportKey$PyCRYPTKEY::CryptExportKey: Unable to allocate %d bytes
Similarity
• API ID: BufferEval_FreeThreadU_object@@View@@$Arg_CryptError@@IdentifierKeywordsLocalMem_Object_ParsePropertyRestoreSaveTupleU_object@@_Win_
• String ID: CryptGetKeyIdentifierProperty$Only CERT_KEY_PROV_INFO_PROP_ID is currently supported$O|kkO:CryptGetKeyIdentifierProperty
Similarity
• API ID: BufferErr_StringView@@$Arg_Bytes_CryptDecryptError@@FromKeywordsMemoryParseSizeTupleU_object@@U_object@@_Win_freemallocmemcpy
• String ID: CryptDecrypt$Object must be of type PyCRYPTHASH$lO|Ok:CryptDecrypt
Similarity
• API ID: Object_$Eval_FreeThreadU_object@@$Arg_CertErr_Error@@FromKeywordsLong_OpenParseReferenceRestoreSaveStoreStringSystemTupleVoidWin_malloc
• String ID: CertOpenSystemStore$Object must be of type PyCRYPTPROV$O|O:CertOpenSystemStore
Similarity
• API ID: BufferEval_ThreadU_object@@View@@$?init@Arg_CryptDeallocEnumErr_Error@@FreeIdentifierKeywordsList_Mem_Object_OccurredParsePropertiesRestoreSaveTupleU_object@@_Win_
• String ID: CryptEnumKeyIdentifierProperties$|OkkO:CryptEnumKeyIdentifierProperties
Similarity
• API ID: Arg_CryptError@@KeywordsParamParseTupleU_object@@Win_
• String ID: CryptGetKeyParam$PyCRYPTKEY::CryptGetKeyParam: Unable to allocate %d bytes$The Param specified is not yet supported$k|k:CryptGetKeyParam
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$AcquireArg_CertificateCryptErr_Error@@KeywordsParsePrivateRestoreSaveStringTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CryptAcquireCertificatePrivateKey$CryptContextAddRef$The certificate context has been closed$|k:CryptAcquireCertificatePrivateKey
                                                                                                                                                                                                                                          • API String ID: 312824557-475845844
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: free$BufferErr_Eval_ThreadU_object@@View@@$Arg_CryptDeallocDetachedError@@FormatKeywordsMessageParseRestoreSaveSequence_SignatureStringTupleTuple@@U_object@@_VerifyWin_malloc
• String ID: CryptVerifyDetachedMessageSignature$kOO|O:CryptVerifyDetachedMessageSignature
• API String ID: 302554843-3659002915
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: BufferView@@$Arg_Err_KeywordsParseStringTupleU_object@@_
• String ID: CryptGetMessageCertificates$Object must be of type PyCRYPTPROV$O|kOk:CryptGetMessageCertificates
• API String ID: 1311799886-560882271
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Object_$U_object@@$Eval_FreeThread$AcquireArg_ContextCryptError@@KeywordsParseRestoreSaveTupleWin_
• String ID: CryptAcquireContext$OOkk:CryptAcquireContext
• API String ID: 1988381298-841591711
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_Err_FormatKeywords_ParseSizeTuplemalloc
• String ID: CryptGenRandom: Unable to allocate %zd bytes$PyCRYPTPROV::CryptGenRandom$k|z#
• API String ID: 1718167496-62374806
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_CryptError@@ExportInfoKeywords_ParsePublicSizeTupleU_object@@Win_
• String ID: CryptExportPublicKeyInfo$CryptExportPublicKeyInfo: Unable to allocate %d bytes$k|k:CryptExportPublicKeyInfo
• API String ID: 4146695621-84361842
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object_$Eval_FreeThreadU_object@@$Arg_CryptError@@KeywordsParseProviderRestoreSaveTupleWin_
                                                                                                                                                                                                                                          • String ID: CryptSetProviderEx$Okk:CryptSetProviderEx
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferView@@$Arg_KeywordsParseTupleU_object@@_
                                                                                                                                                                                                                                          • String ID: CryptGetMessageSignerCount$O|k:CryptGetMessageSignerCount
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CryptDeallocEnumErr_Error@@InfoKeywordsList_OccurredParseRestoreSaveTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CryptEnumOIDInfo$|k:CryptEnumOIDInfo
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferView@@$Arg_CryptErr_Error@@ImportKeywords_ParseSizeStringTupleU_object@@U_object@@_Win_
                                                                                                                                                                                                                                          • String ID: Object must be of type PyCRYPTKEY$O|Ok$PyCRYPTPROV::CryptImportKey
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Keywords_ParseSizeTuple$CryptErr_Error@@FromImportInfoLong_PublicReferenceStringU_object@@VoidWin_malloc
                                                                                                                                                                                                                                          • String ID: CryptImportPublicKeyInfo$O&O&:CERT_PUBLIC_KEY_INFO$Object used to construct a CERT_PUBLIC_KEY_INFO must be a dict$O|k:CryptImportPublicKeyInfo
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferView@@$Arg_CryptErr_Error@@KeywordsParseSignatureStringTupleU_object@@U_object@@_VerifyWin_
                                                                                                                                                                                                                                          • String ID: OO|k:CryptVerifySignature$Object must be of type PyCRYPTKEY$PyCRYPTHASH::CryptVerifySignature
                                                                                                                                                                                                                                          • API String ID: 1262447337-1335157759
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_CreateCryptErr_Error@@HashKeywords_ParseReferenceSizeStringTupleU_object@@Win_
• String ID: I|Ok$Object must be of type PyCRYPTKEY$PyCRYPTPROV::CryptCreateHash
• API String ID: 121666029-682297043
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Object_$Eval_ThreadU_object@@$Arg_CryptFindFreeFromKeywordsLocalizedNameParseRestoreSaveTuple
• String ID: O:CryptFindLocalizedName
• API String ID: 2786140858-1113378710
Memory Dump Source
• Source File: 00000002.00000002.2721214197.00007FFBAA121000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA120000, based on PE: true
• Associated: 00000002.00000002.2721195452.00007FFBAA120000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.2721230705.00007FFBAA123000.00000002.00000001.01000000.0000002E.sdmp
• Associated: 00000002.00000002.2721246765.00007FFBAA125000.00000002.00000001.01000000.0000002E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa120000_L5OMdZqWzq.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
Memory Dump Source
• Source File: 00000002.00000002.2721145672.00007FFBAA111000.00000020.00000001.01000000.0000002F.sdmp, Offset: 00007FFBAA110000, based on PE: true
• Associated: 00000002.00000002.2721130032.00007FFBAA110000.00000002.00000001.01000000.0000002F.sdmp
• Associated: 00000002.00000002.2721162728.00007FFBAA113000.00000002.00000001.01000000.0000002F.sdmp
• Associated: 00000002.00000002.2721178652.00007FFBAA115000.00000002.00000001.01000000.0000002F.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa110000_L5OMdZqWzq.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
Memory Dump Source
• Source File: 00000002.00000002.2721782896.00007FFBAA191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFBAA190000, based on PE: true
• Associated: 00000002.00000002.2721766538.00007FFBAA190000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000002.00000002.2721801582.00007FFBAA192000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000002.00000002.2721820820.00007FFBAA194000.00000002.00000001.01000000.00000027.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa190000_L5OMdZqWzq.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
Memory Dump Source
• Source File: 00000002.00000002.2721348074.00007FFBAA141000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFBAA140000, based on PE: true
• Associated: 00000002.00000002.2721331278.00007FFBAA140000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.2721365877.00007FFBAA143000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.2721384327.00007FFBAA144000.00000004.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.2721401219.00007FFBAA145000.00000002.00000001.01000000.0000002C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa140000_L5OMdZqWzq.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 313767242-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
• String ID:
• API String ID: 313767242-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: BufferView@@$Arg_CryptDataHashKeywordsParseTupleU_object@@_
• String ID: CryptHashData$O|k:CryptHashData
• API String ID: 1059791976-129170221
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_CryptErr_Error@@HashKeywordsParseSessionStringTupleU_object@@Win_
• String ID: CryptHashSessionKey$Object must be of type PyCRYPTKEY$O|k:CryptHashSessionKey
• API String ID: 4245653644-2666860678
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_CryptDuplicateKeywordsParseTuple
• String ID: CryptDuplicateKey$|kk:CryptDuplicateKey
• API String ID: 2077482966-1662090741
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_CryptErrorError@@FromKeywords_LastLong_ParseReferenceSizeTupleU_object@@VoidWin_malloc
• String ID: CryptGenKey$Ik|k:CryptGenKey
• API String ID: 3083420793-1888919388
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_CryptDuplicateHashKeywordsParseReferenceTuple
                                                                                                                                                                                                                                          • String ID: CryptDuplicateHash$|k:CryptDuplicateHash
                                                                                                                                                                                                                                          • API String ID: 3054858463-1283885492
                                                                                                                                                                                                                                          • Opcode ID: 4070d77280b09c38ca55f11715dd56b6e867cee0768cef66e74ce0bf851ebec5
                                                                                                                                                                                                                                          • Instruction ID: 7d367115ebf0f46afadcd1bf31e0fb1ec7aec94f658701631886f831ce09f0e7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4070d77280b09c38ca55f11715dd56b6e867cee0768cef66e74ce0bf851ebec5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D114DB2609B46C2DB419F26F9500A9B769FB84BD0F444072DE5E43B28EF7CD1AAD700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ContextCryptError@@Keywords_ParseReleaseSizeTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CryptReleaseContext$|k:CryptReleaseContext
                                                                                                                                                                                                                                          • API String ID: 2608048266-3508415085
                                                                                                                                                                                                                                          • Opcode ID: 5460e094ae8fd093000602e64b8c80609c19f5adb80d0ee1e33eff2ff0ba376d
                                                                                                                                                                                                                                          • Instruction ID: de41aa432e73d71f5116092cd8e0dc28a818d7ef9e325fefa2c835e3be7cdfe5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5460e094ae8fd093000602e64b8c80609c19f5adb80d0ee1e33eff2ff0ba376d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B018FB1B06706C2EB02AF21E8504662368BB84B84F5800B2CD1D03768CF3CE16AE760
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _PyArg_ParseTupleAndKeywords_SizeT.PYTHON312 ref: 00007FFBAA215820
                                                                                                                                                                                                                                          • CryptGetUserKey.ADVAPI32 ref: 00007FFBAA215836
                                                                                                                                                                                                                                          • ?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z.PYWINTYPES312 ref: 00007FFBAA215873
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA21F3A0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBAA2113A4), ref: 00007FFBAA21F3BA
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA2143A0: _Py_NewReference.PYTHON312 ref: 00007FFBAA2143C3
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA2143A0: PyLong_FromVoidPtr.PYTHON312 ref: 00007FFBAA2143D7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_CryptError@@FromKeywords_Long_ParseReferenceSizeTupleU_object@@UserVoidWin_malloc
                                                                                                                                                                                                                                          • String ID: PyCRYPTPROV::CryptGetUserKey
                                                                                                                                                                                                                                          • API String ID: 828709316-2956425817
                                                                                                                                                                                                                                          • Opcode ID: 5f0301d82cd47443186b490893928e1679d73bc596bea04650290d08533e23e0
                                                                                                                                                                                                                                          • Instruction ID: 17e1ed898ef7f4f7b29c39d2896364ce1cd9a0fefc64a3828f95ecf080684667
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f0301d82cd47443186b490893928e1679d73bc596bea04650290d08533e23e0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0921A1F2A0D78183E7029F71E4501AD7BA4FB84B94F4A4076DF4A82B49EE6CD55BC710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CryptDestroyError@@HashU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CryptDestroyHash
                                                                                                                                                                                                                                          • API String ID: 2307853852-174375392
                                                                                                                                                                                                                                          • Opcode ID: cb8d0ebaefb7939d39ecce326341e34753a64aeccf252a0a690beace87ac4ce3
                                                                                                                                                                                                                                          • Instruction ID: 51de5f94926a61ba71d27ae4ff260579142fa43c47418440a0ed9d80696e95be
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb8d0ebaefb7939d39ecce326341e34753a64aeccf252a0a690beace87ac4ce3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4FE04F60F06602C1EA566B31DC9067522A6BF84B80FC844B1CD0E42268DE2CE56BE320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$CryptDestroy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3653355852-0
                                                                                                                                                                                                                                          • Opcode ID: 91daf49f7d5ab971fe7f46c0c446294560ca36e4e9ee46e4967fe6372630da27
                                                                                                                                                                                                                                          • Instruction ID: 900a258332e5c27400f46d81c8fadf8cb48c2228a23bc320af0f02cdee8d3830
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 91daf49f7d5ab971fe7f46c0c446294560ca36e4e9ee46e4967fe6372630da27
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35F012F6E17702C1FF1BAB71D86553417689F54F54F280172CD1E066488E2DE967A320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$CryptDestroy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3653355852-0
                                                                                                                                                                                                                                          • Opcode ID: c095663b07b678a5d59c45177ed9b488a6844b78377cd47bd64e241fb3f58c5d
                                                                                                                                                                                                                                          • Instruction ID: 3722d0cd0b4412eddcb6ee0771cc064ec5ec7b1bbc620c76a9a1e72b851f2648
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c095663b07b678a5d59c45177ed9b488a6844b78377cd47bd64e241fb3f58c5d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19F01CB2E57702C1EF1AAF71D8655382368AF54F61F284072CD5E4A6488E2DE467E330
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CryptDestroy
                                                                                                                                                                                                                                          • String ID: CryptDestroyKey
                                                                                                                                                                                                                                          • API String ID: 1712904745-3992593795
                                                                                                                                                                                                                                          • Opcode ID: ba3e0b2597dd4587586221e6aee1bad60158ce0d55d80330725214758ec9117e
                                                                                                                                                                                                                                          • Instruction ID: ced2b574f3191bd1369a157b0e0214aa4c3521aa80dd4f733fd09cf3f0722019
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba3e0b2597dd4587586221e6aee1bad60158ce0d55d80330725214758ec9117e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04E0BFB5F0AB06C1E616AB26ECA05352375BB54788B4040B2CD0E42228CE2CA17B9310
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCryptDealloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3014539515-0
                                                                                                                                                                                                                                          • Opcode ID: 5d02c0dbcc40e88b3e96b639863166f8533a39c3f4aab9f9ca2d09e41ea957bf
                                                                                                                                                                                                                                          • Instruction ID: b419ec43a92a9094c990ef383c899376fdeec48d246ea46445132941d09fe622
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d02c0dbcc40e88b3e96b639863166f8533a39c3f4aab9f9ca2d09e41ea957bf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B4E09AF5E0B702C1FE2AABB1E42013812689F48B50F080AB2CC0E4A6488E2CE4676320
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCryptDealloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3014539515-0
                                                                                                                                                                                                                                          • Opcode ID: 9f3bb95fe3af21acaab6c0969d34fa2749d94b67e219884f0b1a693d4ac2b9e5
                                                                                                                                                                                                                                          • Instruction ID: 2aeb9fd31bef1cb3369611bae94c76bc6c0e0e49796630bcc7959c3d05582706
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f3bb95fe3af21acaab6c0969d34fa2749d94b67e219884f0b1a693d4ac2b9e5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9DE04FF5B07706C2EE2ABB72D41413822189F88F55F184AB1DD1E4B3488E2DE4A75320
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCrypt
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1563465135-0
                                                                                                                                                                                                                                          • Opcode ID: f6555452191fdb46917964384bf986ff86385d8f4fd587837f085609c497695f
                                                                                                                                                                                                                                          • Instruction ID: 0a62c5a95831e9107c758a6d8f3923107695687fcf9af12f969735ffb0941050
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6555452191fdb46917964384bf986ff86385d8f4fd587837f085609c497695f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EE0E6F2E07A01C1EF5B5B75D45153412649F58B19B140571CE1D4A2588F1CD4B7D724
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                                                                                                                          • Opcode ID: 0197b9301d15caa48b8628b74f4432df05e4852399c126c7a36c1f5637387696
                                                                                                                                                                                                                                          • Instruction ID: 94a93d3f3f69906c3a020ba282ef9e08ca409f54ed99c02329f64add07cb7567
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0197b9301d15caa48b8628b74f4432df05e4852399c126c7a36c1f5637387696
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94D0A7A1F1664582FE0DA273D41007402055F88740E588071CC1D063558D2C94AB1310
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                                                                                                                          • Opcode ID: ebc50f2da570223b497e915c7f2591e82ede3111b1a31832699d8a113abb53bc
                                                                                                                                                                                                                                          • Instruction ID: a65697d4a4c5569a6c099841328a010728c62c9003f9fc705aa71e9df4117378
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebc50f2da570223b497e915c7f2591e82ede3111b1a31832699d8a113abb53bc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9C02261B5074983EF0CA773D8000B802029BC8B80F188031CC1D0B354CC3CD0AB1310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CryptDestroyHash
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 174375392-0
                                                                                                                                                                                                                                          • Opcode ID: 40993491916250a407921e82c951ec4765e426c780ab13773f83ebcebab1e224
                                                                                                                                                                                                                                          • Instruction ID: 043d96c2aa1b7b6124c11313fc0baccc4a9306ef2e74524723c19f70550e0b1a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40993491916250a407921e82c951ec4765e426c780ab13773f83ebcebab1e224
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1C022A0BA030882EE082B22E8000B80200AB88BC0F280030CC2E0B388CC2CE0AB2320
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e0eaa37618d0ae82c1d6640847f08eeae73c19b2b8da62c9a27f72d93b7d4bcf
                                                                                                                                                                                                                                          • Instruction ID: 4992cbea8b570d9ea92121c986378134c640a964e8afc2b9ee93360a9227c0de
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0eaa37618d0ae82c1d6640847f08eeae73c19b2b8da62c9a27f72d93b7d4bcf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4FA02232A08E82C0EB08CB23C8200A02322FBC8B083308032CC0C08028CE38C20B8200

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dict_String$Item$ReadyType_$State_SwapThread$Module_$ErrorFatalFunc$AllocConstantCreate2DeallocDecodeDictErr_LocalUnicode_Value
                                                                                                                                                                                                                                          • String ID: ACLType$Could not initialise the error objects$DEVMODEType$DEVMODEWType$FALSE$HANDLEType$IIDType$OVERLAPPEDType$SECURITY_ATTRIBUTESType$SECURITY_DESCRIPTORType$SIDType$TRUE$TimeType$UnicodeType$WAVEFORMATEXType$WAVE_FORMAT_PCM$com_error$error
                                                                                                                                                                                                                                          • API String ID: 2302314715-2516578290
                                                                                                                                                                                                                                          • Opcode ID: bd69e291b4fc6f872d2f22006123317c71a5d7194922dbda98e03a97dd40cd42
                                                                                                                                                                                                                                          • Instruction ID: a77daf965a954df50630ed9e8550cd39b12a2e762f431196978e16d45d9e276a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd69e291b4fc6f872d2f22006123317c71a5d7194922dbda98e03a97dd40cd42
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C991EFE490AA42E1E6578B38EC541782259AF42B61F5807B3DC6E421F0AF7CFD5FC660

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FromLong_Unicode_Void
                                                                                                                                                                                                                                          • String ID: CertEncoded$CertEncodingType$CertStore$Critical$Extension$HANDLE$Issuer$NotAfter$NotBefore$ObjId$SerialNumber$SignatureAlgorithm$Subject$SubjectPublicKeyInfo$The certificate context has been closed$Value$Version${s:s,s:N,s:N}
                                                                                                                                                                                                                                          • API String ID: 1154900293-275060559
                                                                                                                                                                                                                                          • Opcode ID: c7889124789a5714f42816edaafdda6ca93fb6b338b27ccd151ba1f6b6a3f606
                                                                                                                                                                                                                                          • Instruction ID: 2da0706895cd562eb278ce351447a9d6c587f95fb6bb748f525263cd6e166ff0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7889124789a5714f42816edaafdda6ca93fb6b338b27ccd151ba1f6b6a3f606
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11C170B1A0B742C1EA16AB35D56057827A9AF54B84F5800B2DE4E0775CEF2CE477E360

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ReadyType_$Dict_String$DeallocItem$State_SwapThread$ErrorFatalFuncImport$AllocCapsule_DecodeFlagsImport_LocalModuleRun_Unicode_Value
                                                                                                                                                                                                                                          • String ID: Exception$Out of memory allocating thread state.$PyWinInterpreterState_Ensure$__builtins__$__name__$builtins$class error(Exception): def __init__(self, *args, **kw): nargs = len(args) if nargs > 0: self.winerror = args[0] else: self.winerror = None if nargs > 1: self.funcname = args[1] else: self.funcname = None if nargs > 2: self.strerror =$com_error$datetime.datetime_CAPI$error$ignore$pywintypes$pywintypes: can not setup interpreter state, as current state is invalid
                                                                                                                                                                                                                                          • API String ID: 3484552599-1312685011
                                                                                                                                                                                                                                          • Opcode ID: e0159ba88e5a1c801be6e97637d547daee22a19625dd7a0b62aed85a2cc0910d
                                                                                                                                                                                                                                          • Instruction ID: 3ec55fa7ba3db54fe8b69e358183b432006c8a2271545b993a90405e1b3de1eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0159ba88e5a1c801be6e97637d547daee22a19625dd7a0b62aed85a2cc0910d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ABA113A190BA42E1EA579B34EC5417823A9BF56B54F4446B3CD5E426A0EF3CFC1AC320

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$ImportImport_Module$FreeMem__wcsdup
                                                                                                                                                                                                                                          • String ID: <Error getting traceback - cStringIO.StringIO() failed>$<Error getting traceback - cant find cStringIO.StringIO>$<Error getting traceback - cant find getvalue function>$<Error getting traceback - cant find traceback.print_exception>$<Error getting traceback - cant import cStringIO>$<Error getting traceback - cant import traceback>$<Error getting traceback - cant make print_exception arguments>$<Error getting traceback - getvalue() did not return a string>$<Error getting traceback - getvalue() failed.>$<Error getting traceback - traceback.print_exception() failed>$<NULL!!>$Getting WCHAR string$None is not a valid string in this context$OOOOOi$Objects of type '%s' can not be converted to Unicode.$StringIO$getvalue$print_exception$traceback
                                                                                                                                                                                                                                          • API String ID: 2735870070-2174458333
                                                                                                                                                                                                                                          • Opcode ID: 5fb5c867c60d5da15cf343896854952990717c9409770200ed863035a3dfa842
                                                                                                                                                                                                                                          • Instruction ID: 695d7055a42679d20cee65e23aacb078e5e890235e24661e469de5bf8436cf9e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fb5c867c60d5da15cf343896854952990717c9409770200ed863035a3dfa842
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6091F7A5A0BA52E1EA67CB31EC542786398BF96F90F4444B3DD0D46754EF2CED0B8320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetExplicitEntriesFromAclW.ADVAPI32 ref: 00007FFBAA1E25F3
                                                                                                                                                                                                                                          • PyTuple_New.PYTHON312 ref: 00007FFBAA1E2621
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312 ref: 00007FFBAA1E26C7
                                                                                                                                                                                                                                          • Py_BuildValue.PYTHON312 ref: 00007FFBAA1E2826
                                                                                                                                                                                                                                          • PyTuple_SetItem.PYTHON312 ref: 00007FFBAA1E283A
                                                                                                                                                                                                                                          • LocalFree.KERNEL32 ref: 00007FFBAA1E28AD
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC0AB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC11A
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC200
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC218
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC22D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC23C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BuildErr_FreeLocalTuple_$DeallocDecodeEntriesErrorExplicitFormatFromItemLastMessageObjectSizeStringUnicode_ValueValue_
                                                                                                                                                                                                                                          • String ID: AccessMode$AccessPermissions$GetExplicitEntriesFromAcl$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                          • API String ID: 2366750547-3224252679
                                                                                                                                                                                                                                          • Opcode ID: 6de9b0acf5d9fc3516079e1141f043bffedd79fc0069b299c821f088a3567d20
                                                                                                                                                                                                                                          • Instruction ID: 9a614bdac35733a38f6e6ad0d2721e4b0cda2ece9d774518aae8c700347e8435
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6de9b0acf5d9fc3516079e1141f043bffedd79fc0069b299c821f088a3567d20
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73813CB5A0AB86E1EB638F21E85027973A8FB86790F444176CE4D03764DF3CE85AC710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Dealloc$String$BuildLongNumber_Value$ArgumentAttrCallCheckClearEval_FormatKeywordsLong_ObjectObject_OccurredSubtypeType_With_mktime64
                                                                                                                                                                                                                                          • String ID: (d)$Objects of type '%s' can not be used as a time object$iiiiiiiii|i$mktime argument out of range$timetuple$year out of range
                                                                                                                                                                                                                                          • API String ID: 374337924-3179837657
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Dealloc$Err_Sequence_String$Arg_FreeParseTuple$CheckEntriesItemKeywordsLocalMem_SizeTuple_freemallocmemset
• String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$O:SetEntriesInAcl$Parm must be a list of EXPLICIT_ACCESS dictionaries$SetEntriesInAcl$SetEntriesInAcl: unable to allocate EXPLICIT_ACCESS_W$lllO
• API String ID: 1438466550-1140684800
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Err_String$Buffer_FormatFromRelease$Arg_BufferCharFreeMem_Object_ParseProgReferenceTupleUnicode_Widemalloc
• String ID: <NULL!!>$Buffer cannot be None$Buffer length can be at most %d characters$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$O|i$string too small - must be at least %d bytes (got %d)
• API String ID: 4105764891-2902820477
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Err_$DescriptorSecurity$String$Arg_Buffer_ParseReleaseTuplefreemalloc$BufferClearControlDeallocFormatInitializeLengthObject_OccurredReferenceValid
• String ID: Buffer cannot be None$Buffer length can be at most %d characters$Data is not a valid security descriptor$O:SECURITY_DESCRIPTOR$Security descriptor created from a buffer must be self relative$Security descriptors are not supported on this platform$|l:SECURITY_DESCRIPTOR
• API String ID: 929864077-2729865943
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: AbsoluteErr_FormatMakemallocmemset
• String ID: ($MakeAbsoluteSD$Unable to allocate %d bytes
• API String ID: 1436552674-2130869594
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: From$Size$BuildBytes_DeallocObject_StringU_object@@Value_$Bool_Err_LongTuple_Warn
• String ID: ContainerName$Data$Flags$KeySpec$Param$ProvName$ProvParam$ProvType$Unsupported PP_ parameter returned as raw data${s:k, s:k, s:N}${s:u, s:u, s:k, s:k, s:k, s:N}
• API String ID: 18416738-1800846073
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: DeallocSize$FromString$BuildBytes_CertDuplicateState_Value_$CallCertificateContextEnsureErr_Long_Object_ReferenceReleaseStoreVoid
• String ID: Issuer$Object must be of type PyCERT_CONTEXT$OkNN$SerialNumber$The certificate context has been closed${s:N, s:N}
• API String ID: 2673056449-1119961777
                                                                                                                                                                                                                                          • Opcode ID: b7375d67e9854d535db6a38528d76b2dc801787294051a98709b0494690c52da
                                                                                                                                                                                                                                          • Instruction ID: 45d98e4087d0cdcd5b66d24e7bffc57a9e65ba915f00190108afaf6b0c08539e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7375d67e9854d535db6a38528d76b2dc801787294051a98709b0494690c52da
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26514FB1A0AB42C1E716AB31E86453963A8FF84B80F4440B5DD4E47768DF3CE56BD760
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BuildErr_StringValue$CharFromUnicode_Wide
                                                                                                                                                                                                                                          • String ID: AccessMode$AccessPermissions$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                          • API String ID: 4150572817-4268317626
                                                                                                                                                                                                                                          • Opcode ID: 4d186b5e9dc2c61247186536ffd7d2019c2e2360de785c2d6a2c767b29aa4ea3
                                                                                                                                                                                                                                          • Instruction ID: b4c7847c93dd6dd280af8d35b1dd27a727d88c358758933c8c60407ed4ff8088
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4d186b5e9dc2c61247186536ffd7d2019c2e2360de785c2d6a2c767b29aa4ea3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6513FB5A0AA82E5EB638F25E85017D73A8FB86B50F144176DE4D43764EF3CE84AC710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Format$AccessAuditObjectfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
                                                                                                                                                                                                                                          • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessObjectAce$AddAuditAccessObjectAce not supported by this version of Windows$AddAuditAccessObjectAce: unable to allocated %d bytes$PyACL::AddAuditAccessObjectAce$The object is not a PySID object$lllOOOii:AddAuditAccessObjectAce
                                                                                                                                                                                                                                          • API String ID: 282185603-1609464327
                                                                                                                                                                                                                                          • Opcode ID: 6db4bf8d7cc1094b69b0c3c0ffc797cd5642a177bd4620f33dfc7cf4a51c445a
                                                                                                                                                                                                                                          • Instruction ID: 67668c03cb00c124c617c476a9e138b937a0d9b4d5fc5a3d40dde65b420e940b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6db4bf8d7cc1094b69b0c3c0ffc797cd5642a177bd4620f33dfc7cf4a51c445a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C5812FA5B0AA42E5E763CB71E8405BD73A9BB85B84F440172DE4E43A54DF3CD80AC720
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Arg_FormatParseStringTuple
                                                                                                                                                                                                                                          • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAceEx$AddAuditAccessAceEx not supported by this version of Windows$AddAuditAccessAceEx: unable to allocated %d bytes$PyACL::AddAuditAccessAceEx$The object is not a PySID object$lllOii:AddAuditAccessAceEx
                                                                                                                                                                                                                                          • API String ID: 901859003-3541680958
                                                                                                                                                                                                                                          • Opcode ID: 165862e674f47473ae485717e6ccc81d22178b3852c41b2c0743920cb5c77fd5
                                                                                                                                                                                                                                          • Instruction ID: 581f6fb8c647316f93c3a1f03d8d03179de7ca1c8b87fe09c65ba230e1d03e92
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 165862e674f47473ae485717e6ccc81d22178b3852c41b2c0743920cb5c77fd5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B36131B5A09682E6EB638B35E84067D7368FB86B84F144072DE4D43B54EF3CD90AC710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Err_KeywordsParseStringTuple
                                                                                                                                                                                                                                          • String ID: CertGetCertificateContextProperty$CertGetCertificateContextProperty: unable to allocate %d bytes$Not yet supported$The certificate context has been closed$k:CertGetCertificateContextProperty
                                                                                                                                                                                                                                          • API String ID: 1259807946-657533434
                                                                                                                                                                                                                                          • Opcode ID: b5fd4a21c95569600c223451aab2679073df3252bcfa072d695b2646066abe88
                                                                                                                                                                                                                                          • Instruction ID: baf6cc6db765d96c3a5ce01b0958a087d6b307df63267b845341e1978bca3d59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5fd4a21c95569600c223451aab2679073df3252bcfa072d695b2646066abe88
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E5130B1A09742C2EB12AF36E8544796769FB88B84F544072DE4D4772CDE3CE46AD710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$DeallocFormatString$CharFreeMem_Sequence_TupleUnicode_Widefreemallocmemset
                                                                                                                                                                                                                                          • String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Sequence can contain at most %d items$Unable to allocate %d bytes
                                                                                                                                                                                                                                          • API String ID: 1433913835-2102981847
                                                                                                                                                                                                                                          • Opcode ID: 21f8da52230d937b978eb4a31948a6c2f75707e7583cefa331ccf9397c2dc41d
                                                                                                                                                                                                                                          • Instruction ID: 987c84bceac0b4f6b658ef9a74e5f37c27cb28f3c2279ddf597f02e044cab095
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21f8da52230d937b978eb4a31948a6c2f75707e7583cefa331ccf9397c2dc41d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 035102B1A0AB92D5EA53DF25E88417863A8BF86B94F058072DD4D47750EF3CEC4AC710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$AccessAuditFormatfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
                                                                                                                                                                                                                                          • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAce$AddAuditAccessAce: unable to allocated %d bytes$PyACL::AddAuditAccessAce$The object is not a PySID object$llOii:AddAuditAccessAce
                                                                                                                                                                                                                                          • API String ID: 3041754842-240227349
                                                                                                                                                                                                                                          • Opcode ID: ca061b9d969e830fbae753d764eb1414781053fa57e96a3fb5829134bc3ab70a
                                                                                                                                                                                                                                          • Instruction ID: d76ea2d4ab6716990cc3a0b8e0c7f0b54b966a0721a01a10079401ea5312fb6c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ca061b9d969e830fbae753d764eb1414781053fa57e96a3fb5829134bc3ab70a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B15122A5A0AA82E5EB63CF36E84457D63A9BB86B84F144072DD4D47750EF3CEC4A8710
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Size$Build$Bytes_DeallocFromString$Err_State_Tuple_ValueValue_Warn$AppendEnsureList_Release
• String ID: Data$Key identifier property returned as raw data$KeyIdentifier$PropId$Props${s:N, s:N}${s:k,s:N}
• API String ID: 2091424248-3219072386
• Opcode ID: b32600a85b1021f92400e9aa57d500c78ef7b6a779fdab0ba01ec16d785755e1
• Instruction ID: 666d2be96e8d76ac4f32b6253481e0edc73c586e902e9309fd92395d18a88e66
• Opcode Fuzzy Hash: b32600a85b1021f92400e9aa57d500c78ef7b6a779fdab0ba01ec16d785755e1
• Instruction Fuzzy Hash: 6E515FB2A0AB86D1EA62AF21E8546797769FB44B94F044072CE4E0375CDF3CE46AD710
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: free$DescriptorSecurity$Err_Group$Arg_DaclFormatOwnerParseSaclStringTupleValidmalloc
• String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorGroup$SetSecurityDescriptorGroup - invalid sid$The object is not a PySID object
• API String ID: 1524979833-2851344522
• Opcode ID: 9f9b1e1cbeb73acd82663894f1a7e5a2444669f7bc6680b719a6a31e5c7f3ed6
• Instruction ID: 52244e280cd7557ae9a11d98d1d216fe289d28ca06d3ea571108eeabb8cd1c94
• Opcode Fuzzy Hash: 9f9b1e1cbeb73acd82663894f1a7e5a2444669f7bc6680b719a6a31e5c7f3ed6
• Instruction Fuzzy Hash: 05511CA5B0A652E5FB679F71D8002B923A8EF45B88B4840B2DD0E46654EE3CD94BC320
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: BufferEval_ThreadView@@$Arg_CertError@@KeywordsNameParseRestoreSaveTupleU_object@@U_object@@_Win_
• String ID: CertNameToStr$O|kk:CertNameToStr$Unable to allocate %d bytes
• API String ID: 2442106594-1555462470
• Opcode ID: 0826d4cc52d85df478c7f11e384b7158e37badba30997c9789b744a28f675ec2
• Instruction ID: fc6d277ef7209fbb9d6b3ec31552a5b47aff505384e611b03e0b8c5e7ead967f
• Opcode Fuzzy Hash: 0826d4cc52d85df478c7f11e384b7158e37badba30997c9789b744a28f675ec2
• Instruction Fuzzy Hash: 59518072609786C6E711AF22F864A6937A4FB88B80F444076DE4E43758DF3CE41EDB10
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: String$Err_$CharUnicode_Wide
• String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$DeviceName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
• API String ID: 3849944921-3701856451
• Opcode ID: 7ea5646d6b80bd89ae1ee9a082443ed9e2ebac4530fa64dd982fa5363be63c70
• Instruction ID: b4ab5583879d051f5d657e2a55172fe0e0d6690e94dd0fa26abece00a12d3179
• Opcode Fuzzy Hash: 7ea5646d6b80bd89ae1ee9a082443ed9e2ebac4530fa64dd982fa5363be63c70
• Instruction Fuzzy Hash: F04174A1B0AB82D1EA67CB35E8901786364FF86B90F105172DD4E47664DF2DEC8AC310
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: String$Err_$CharUnicode_Wide
• String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$FormName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
• API String ID: 3849944921-358745228
• Opcode ID: 1e2feec65036cf88bce28d36404236980f567f99f77ede5303f43bdc515e198d
• Instruction ID: 3e80d6908519c9d9f226a87c5e33b86eae47478fbc37c7b333bba800b479072e
• Opcode Fuzzy Hash: 1e2feec65036cf88bce28d36404236980f567f99f77ede5303f43bdc515e198d
• Instruction Fuzzy Hash: AE4184A5F0AA82E1EA57CB35E8501782364FB86B94F105172DD4E47760EF2DEC8AC310
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$CharClearFreeMem_Unicode_Wide
                                                                                                                                                                                                                                          • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Only strings and iids can be converted to a CLSID.$value is larger than a DWORD
                                                                                                                                                                                                                                          • API String ID: 443722841-2914159855
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertElementErr_Error@@KeywordsParseRestoreSaveSerializeStoreStringTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CertSerializeCertificateStoreElement$The certificate context has been closed$Unable to allocate %d bytes$|k:CertSerializeCertificateStoreElement
                                                                                                                                                                                                                                          • API String ID: 1213706224-3507625014
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadU_object@@$Arg_CertErr_Error@@ExportFreeKeywordsMem_MemoryObject_ParseRestoreSaveStoreTupleWin_malloc
                                                                                                                                                                                                                                          • String ID: PFXExportCertStoreEx$|Ok:PFXExportCertStoreEx
                                                                                                                                                                                                                                          • API String ID: 1535270174-947405562
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertEnhancedErr_Error@@KeywordsParseRestoreSaveStringTupleU_object@@UsageWin_
                                                                                                                                                                                                                                          • String ID: CertGetEnhancedKeyUsage$Failed to allocate %d bytes$The certificate context has been closed$|k:CertGetEnhancedKeyUsage
                                                                                                                                                                                                                                          • API String ID: 3590224318-2435798374
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$From$BuildValue_$Bytes_E@@@Object_StringU_object@@
                                                                                                                                                                                                                                          • String ID: Data$IntendedKeyUsage$KeyId$NotAfter$NotBefore$PrivateKeyUsagePeriod$UnusedBits${s:N, s:N, s:N}${s:N, s:N}${s:N,s:k}
                                                                                                                                                                                                                                          • API String ID: 1928187129-2639204421
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurityfree$Err_SaclString$Arg_DaclGroupLengthOwnerParseTupleValid
                                                                                                                                                                                                                                          • String ID: SetSecurityDescriptorSacl$The object is not a PyACL object$iOi:SetSacl
                                                                                                                                                                                                                                          • API String ID: 1467358711-1973599164
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurityfree$Err_OwnerString$Arg_DaclGroupLengthParseSaclTupleValid
                                                                                                                                                                                                                                          • String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorOwner$The object is not a PySID object
                                                                                                                                                                                                                                          • API String ID: 965136164-2833774516
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferErr_Eval_ReferenceThreadView@@$Arg_CertElementError@@FormatFromKeywordsLong_ParseRestoreSaveSerializedStoreStringTupleU_object@@U_object@@_VoidWin_
                                                                                                                                                                                                                                          • String ID: CertAddSerializedElementToStore$Context type %d is not yet supported$OOk|kk:CertAddSerializedElementToStore$Object must be of type PyCERTSTORE
                                                                                                                                                                                                                                          • API String ID: 544885331-4265936841
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
                                                                                                                                                                                                                                          • String ID: Identifier must be PySID object when TrusteeForm = TRUSTEE_IS_SID$Identifier must be string/unicode when TrusteeForm = TRUSTEE_IS_NAME$Invalid value for TrusteeForm$The object is not a PySID object$Trustee must be a dictionary containing {MultipleTrustee,MultipleTrusteeOperation,TrusteeForm,TrusteeType,Identifier}$TrusteeForm not yet supported$llO|Ol
                                                                                                                                                                                                                                          • API String ID: 959004690-581804069
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Buffer_ClearFormatFreeMem_ReleaseString$BufferCharLong_Object_OccurredUnicode_VoidWide
                                                                                                                                                                                                                                          • String ID: Buffer cannot be None$Buffer length can be at most %d characters$WPARAM must be a unicode string, int, or buffer object (got %s)
                                                                                                                                                                                                                                          • API String ID: 3109676845-3026970096
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$BuildCharFromUnicode_ValueWide
                                                                                                                                                                                                                                          • String ID: Identifier$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                          • API String ID: 2305401427-1816636059
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Eval_StringThread$Arg_BufferCertCheckErrorError@@FreeFromKeywordsLastLong_Object_OpenParseReferenceRestoreSaveSequence_StoreTupleU_object@@View@@VoidWin_
                                                                                                                                                                                                                                          • String ID: CertOpenStore$O&kOkO:CertOpenStore$Object must be of type PyCRYPTPROV$Specified store provider type not supported
                                                                                                                                                                                                                                          • API String ID: 3832450745-1761686843
                                                                                                                                                                                                                                          • Opcode ID: 87ace0bd8a2f7f6aa1e933e2e2ec12d760acf991e0ee20bb92dd2ffa10415896
                                                                                                                                                                                                                                          • Instruction ID: 50201839887b77b49545bb4fa4527197a847e56ebe13aad0dc6c526f2b0e5c87
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87ace0bd8a2f7f6aa1e933e2e2ec12d760acf991e0ee20bb92dd2ffa10415896
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 645129B2B0AB41C9E716AF71E4505A837B9FB44784B5001B6DE0E53B6CDF38E42AD350
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Authority$CountErrorIdentifierLastValid
                                                                                                                                                                                                                                          • String ID: %lu$-%lu$0x%02hx%02hx%02hx%02hx%02hx%02hx$S-%lu-
                                                                                                                                                                                                                                          • API String ID: 228009767-531523367
                                                                                                                                                                                                                                          • Opcode ID: b339956fccc20c37dc137844cdfb54516e25dbc4dbc000efbe68bd1d43e75f9a
                                                                                                                                                                                                                                          • Instruction ID: 5eb698fa97dfbca5c2838e8f166daab9ab1bbb45f3d041f5438568abb7e75ebc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b339956fccc20c37dc137844cdfb54516e25dbc4dbc000efbe68bd1d43e75f9a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B951D0A6A096D1D2DB63CB25E85027D7BA8FB86B81F044076DE8E43714EF3DD84AC710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFBAA218261), ref: 00007FFBAA217F6F
                                                                                                                                                                                                                                          • _PyArg_ParseTupleAndKeywords_SizeT.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFBAA218261), ref: 00007FFBAA217FA6
                                                                                                                                                                                                                                          • ?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z.PYWINTYPES312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFBAA218261), ref: 00007FFBAA217FBC
                                                                                                                                                                                                                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFBAA218261), ref: 00007FFBAA217FDD
                                                                                                                                                                                                                                          • PyErr_NoMemory.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFBAA218261), ref: 00007FFBAA217FEC
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,00007FFBAA218261), ref: 00007FFBAA2180BD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Arg_DeallocKeywords_MemoryParseSequence_SizeStringTupleTuple@@U_object@@malloc
                                                                                                                                                                                                                                          • String ID: Object used to construct CRYPT_ATTRIBUTE must be a dict$sO:CRYPT_ATTRIBUTE
                                                                                                                                                                                                                                          • API String ID: 890852602-2761299909
                                                                                                                                                                                                                                          • Opcode ID: b069d1cefb7fc15a9b876478998a68c96a0f78731c56ebef99fc7d72c260dd59
                                                                                                                                                                                                                                          • Instruction ID: 78c14ad1f1f9958d3d23fd919508fe3818a5550e7f35f811decdc2677c3ed6a9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b069d1cefb7fc15a9b876478998a68c96a0f78731c56ebef99fc7d72c260dd59
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF518372A1AB42C5E751AF31E8507B97768FB84B80F044071DE0E43A18DF3CD46AD760
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$CertEval_List_Thread$AppendContextDuplicateEnumErrorError@@FromLastLong_ReferenceRestoreSaveStoreU_object@@VoidWin_
                                                                                                                                                                                                                                          • String ID: CertEnumCTLsInStore
                                                                                                                                                                                                                                          • API String ID: 62969067-3713136399
                                                                                                                                                                                                                                          • Opcode ID: dc73392e2be614698aa97d53e01ad095b24fb8ae7ae5d0ac62e74ef0977ddc35
                                                                                                                                                                                                                                          • Instruction ID: 9e3e8fa8982da6e101d7613fd27ed3d6328496ac50744ed1573c9e7e9d36b9fe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc73392e2be614698aa97d53e01ad095b24fb8ae7ae5d0ac62e74ef0977ddc35
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 384173B1A0AB02C5FB56BB31E81453967A9FF48B90F1944B9CD0E46758DF3CE466E320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
                                                                                                                                                                                                                                          • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                          • API String ID: 1531658785-4125661472
                                                                                                                                                                                                                                          • Opcode ID: 66ce21fda171c5b8bf048c3557db498c30436750ed0329add0b3282728a1211c
                                                                                                                                                                                                                                          • Instruction ID: 1c3063cbe34c6db6b87ddfd2216b32211da526a0812bde9c5759b9e858eb3b04
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66ce21fda171c5b8bf048c3557db498c30436750ed0329add0b3282728a1211c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B4186B1A0BB42E1EA678F25E94427C2764BF86781F444172DD4E43754EF3CE85AC310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
                                                                                                                                                                                                                                          • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                          • API String ID: 1531658785-4125661472
                                                                                                                                                                                                                                          • Opcode ID: 8f9c573c28dfd467008a411df4f1904d4481c3806688cbfaab18af106475a5a8
                                                                                                                                                                                                                                          • Instruction ID: b745e12483509dc4d7c5a25a3ae05d022e7dd01ff5177fcba117bd08220ee3c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f9c573c28dfd467008a411df4f1904d4481c3806688cbfaab18af106475a5a8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B04154B1A0AB92E1FA57CF25E8446782368BB86B81F444072DD4E43754DF3CE80AC350
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CheckErr_Mapping_String
                                                                                                                                                                                                                                          • String ID: Object must be a mapping (dictionary, class instance, etc$__dict__
                                                                                                                                                                                                                                          • API String ID: 1486305882-910247860
                                                                                                                                                                                                                                          • Opcode ID: 612e479974e9f190fc4ca7c05ebc1e853e37b3b18ce9a82dd099f0befac20253
                                                                                                                                                                                                                                          • Instruction ID: c30cb600653692bd935614fad1c1be770c0d6c1c6d83910655d9b2c691d52fb4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 612e479974e9f190fc4ca7c05ebc1e853e37b3b18ce9a82dd099f0befac20253
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E23126A1A06A82D5EA578B36EC4413D63A4FF8AF91F044075DD4E47764EE3CDC8B8310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$From$BuildBytes_StringValue_$Bool_DeallocLongTuple_
                                                                                                                                                                                                                                          • String ID: Data$PathLenConstraint$SubjectType$SubtreesConstraint$UnusedBits$fPathLenConstraint${s:N, s:N, s:k, s:N}${s:N,s:k}
                                                                                                                                                                                                                                          • API String ID: 2254952139-3836181269
                                                                                                                                                                                                                                          • Opcode ID: fe7c34076d353ce6d13930a73a41c9400fb2bff6c80f2aad2dc7ed2a5f3541b8
                                                                                                                                                                                                                                          • Instruction ID: d514ecdf46f7ec368a9438054a7a09d96b91328b047e1ccb65bb4e65e0ad9b2f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe7c34076d353ce6d13930a73a41c9400fb2bff6c80f2aad2dc7ed2a5f3541b8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C313CB6A0AB42D6DB11EF30E49046977A8FB88B50B040575DE4E43728DF3CE17AD760
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyErr_Format.PYTHON312 ref: 00007FFBAA1E3046
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312 ref: 00007FFBAA1E30AD
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00007FFBAA1E3114
                                                                                                                                                                                                                                          • GetLengthSid.ADVAPI32 ref: 00007FFBAA1E3130
                                                                                                                                                                                                                                          • PyErr_Format.PYTHON312 ref: 00007FFBAA1E315B
                                                                                                                                                                                                                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBAA1E316B
                                                                                                                                                                                                                                          • PyErr_Format.PYTHON312 ref: 00007FFBAA1E3190
                                                                                                                                                                                                                                          • memset.VCRUNTIME140 ref: 00007FFBAA1E31A3
                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140 ref: 00007FFBAA1E31B3
                                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBAA1E3218
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC0AB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC11A
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC200
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC218
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC22D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC23C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Format$ErrorLast$BuildDeallocDecodeFreeLengthLocalMessageObjectSizeStringUnicode_Value_freemallocmemcpymemset
                                                                                                                                                                                                                                          • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                          • API String ID: 4156918035-1709335586
                                                                                                                                                                                                                                          • Opcode ID: 308fc0bfe6fe7bda254db686d5e7a50097f48a6ab125105c17bb65d5ddd64eb2
                                                                                                                                                                                                                                          • Instruction ID: e1f4412d87c4f9e95a710ecdaccb998e2fc6dd2488d8af67935f738b6f72a6ee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 308fc0bfe6fe7bda254db686d5e7a50097f48a6ab125105c17bb65d5ddd64eb2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9261A6A5A0E682E1E6678B32E84067D63A8BF86BD4F440071DD4E47B54EF3CD80B8720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Formatfreemalloc$BufferDeallocSequence_Tuple@@U_object@@View@@memset
                                                                                                                                                                                                                                          • String ID: Unable to allocate %d bytes
                                                                                                                                                                                                                                          • API String ID: 4010994401-4174463691
                                                                                                                                                                                                                                          • Opcode ID: 1d7b7cb29d3a8fb00a6bc33d787eede62a176afb6cdf9e83871ceaf3709ed40c
                                                                                                                                                                                                                                          • Instruction ID: 0b258d706d6ed80dd4ce7b902fa4df754331d501bff34e7e61a79e8cc57ad5c9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d7b7cb29d3a8fb00a6bc33d787eede62a176afb6cdf9e83871ceaf3709ed40c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9517FB6A0AB51C2EB12EF26E46467D77A8BB84B80F454071CE4D03758EE3CD856D750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$DeallocStringfree$Bytes_ClearLong_MemoryOccurredSequence_Tuple@@U_object@@Voidmallocmemset
                                                                                                                                                                                                                                          • String ID: Integer OID must have high order word clear
                                                                                                                                                                                                                                          • API String ID: 676720102-606765175
                                                                                                                                                                                                                                          • Opcode ID: 839481a5374694409df728ded5156741970058356ec543a623d6fd67637e7524
                                                                                                                                                                                                                                          • Instruction ID: 0e8fe825e1b8503988e2e2aee2951da324148432752033b39a8025fc22a69fdc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 839481a5374694409df728ded5156741970058356ec543a623d6fd67637e7524
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 825190B2A06B42C2EB1AAF35E494139B7A8FB45B90B148171CE5D43748DF3CE4B6D320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$CertEval_List_Thread$AppendCertificateCertificatesContextDuplicateEnumErrorError@@LastReferenceRestoreSaveStoreU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CertEnumCertificatesInStore
                                                                                                                                                                                                                                          • API String ID: 2638904092-715189387
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_CertElementErr_Error@@KeywordsParseSerializeStoreStringTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CertSerializeCTLStoreElement$The certificate trust context has been closed$Unable to allocate %d bytes$|k:CertSerializeCTLStoreElement
                                                                                                                                                                                                                                          • API String ID: 2109812038-2971064172
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_List_String
                                                                                                                                                                                                                                          • String ID: The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 1546712769-2422706626
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferView@@$Eval_ThreadU_object@@$Arg_CertError@@FreeImportKeywordsMem_Object_ParseRestoreSaveStoreTupleU_object@@_Win_
                                                                                                                                                                                                                                          • String ID: OOk:PFXImportCertStore$PFXImportCertStore
                                                                                                                                                                                                                                          • API String ID: 3056532213-2473002513
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Long$FromLong_Unsigned$BuildSizeValue_
                                                                                                                                                                                                                                          • String ID: OtherOperationCount$OtherTransferCount$ReadOperationCount$ReadTransferCount$WriteOperationCount$WriteTransferCount${s:N,s:N,s:N,s:N,s:N,s:N}
                                                                                                                                                                                                                                          • API String ID: 3939590852-408589094
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,00000000,00007FFBAA212966), ref: 00007FFBAA216EF4
                                                                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,00000000,00007FFBAA212966), ref: 00007FFBAA216F19
                                                                                                                                                                                                                                          • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,00000000,00007FFBAA212966), ref: 00007FFBAA216F29
                                                                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,00000000,00007FFBAA212966), ref: 00007FFBAA216F4C
                                                                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,00000000,00007FFBAA212966), ref: 00007FFBAA216F6F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildValue_$Bytes_FromString
                                                                                                                                                                                                                                          • String ID: Algorithm$Data$ObjId$Parameters$PublicKey$UnusedBits${s:N, s:N}${s:N,s:k}${s:s, s:N}
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String
                                                                                                                                                                                                                                          • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String
                                                                                                                                                                                                                                          • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertCertificateContextErr_Error@@KeywordsParsePropertyRestoreSaveStringTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CertSetCertificateContextProperty$Property Id %d is not supported yet$The certificate context has been closed$kO|k:CertSetCertificateContextProperty
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$DeallocFormatSequence_StringTuple
                                                                                                                                                                                                                                          • String ID: Sequence can contain at most %d items$Sequence of dwords cannot be None$Unable to allocate %d bytes
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BuildDecodeSizeTuple_Unicode_Value_
                                                                                                                                                                                                                                          • String ID: ObjId$Value$ValueType${s:s, s:k, s:N}
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildDeallocTuple_Value_$Bytes_FromString
                                                                                                                                                                                                                                          • String ID: PolicyIdentifier$PolicyQualifier$PolicyQualifierId$Qualifier${s:s, s:N}${s:s,s:N}
                                                                                                                                                                                                                                          • API String ID: 2693019599-3040507794
                                                                                                                                                                                                                                          • Opcode ID: 5eb2cefdf458d5faa3450b65e858db3e35ade2d4c32ffbc7616ede5244d7be4b
                                                                                                                                                                                                                                          • Instruction ID: 035faefe4a7243f4a82461b573e3e8a2d5d9a0802080e69faf3e109c065f0b01
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eb2cefdf458d5faa3450b65e858db3e35ade2d4c32ffbc7616ede5244d7be4b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD418EB2A0AB42D6EB12EF21E45447A77A8FB44B44F440576DE4E03728DF3CE1AAD750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsValidSecurityDescriptor.ADVAPI32(?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E7780
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312(?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E779B
                                                                                                                                                                                                                                          • GetSecurityDescriptorLength.ADVAPI32(?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E77B6
                                                                                                                                                                                                                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E77C4
                                                                                                                                                                                                                                          • MakeSelfRelativeSD.ADVAPI32(?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E77DD
                                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E77EE
                                                                                                                                                                                                                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E77FE
                                                                                                                                                                                                                                          • PyErr_Format.PYTHON312(?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E7822
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorErr_Securitymalloc$FormatLengthMakeRelativeSelfStringValidfree
                                                                                                                                                                                                                                          • String ID: Invalid Security descriptor$MakeSelfRelativeSD$Unable to allocate %d bytes
                                                                                                                                                                                                                                          • API String ID: 1101611553-2210018374
                                                                                                                                                                                                                                          • Opcode ID: cdd9a8532c88bff841c07cfd6c696265eb762b888d14b7727aee3e3aa6988e8e
                                                                                                                                                                                                                                          • Instruction ID: 2e546264dadbd82eb5064aabc6247c57bd85676afb14ae0d5cdd2d06f8181059
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cdd9a8532c88bff841c07cfd6c696265eb762b888d14b7727aee3e3aa6988e8e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26313065B0AA81D2EB938B35F84427D63A4FB89B84F444072DE4E87754EF2CDC4AC714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Formatmalloc
                                                                                                                                                                                                                                          • String ID: Ace type %d is not supported yet$Error reordering ACL: Unable to allocate acl of size %d$ReorderACL
                                                                                                                                                                                                                                          • API String ID: 1659041409-545600788
                                                                                                                                                                                                                                          • Opcode ID: c18d9d8ae7d97ae56a7e08c44d8be784a2ee1578bc8d9adb9b86b188d5208fff
                                                                                                                                                                                                                                          • Instruction ID: 11812a8b18e66c85115839d96451895a608e9705902f6957104fca09c0d0c315
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c18d9d8ae7d97ae56a7e08c44d8be784a2ee1578bc8d9adb9b86b188d5208fff
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4951C3A5A0D692D1E7738F32E44427AB7A9FB8AB80F444076DD8E83754DE3CE846C750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocErr_StringUnicode_
                                                                                                                                                                                                                                          • String ID: Internal$InternalHigh$The object is not a PyHANDLE object$can't delete OVERLAPPED attributes$hEvent
                                                                                                                                                                                                                                          • API String ID: 3427960318-2811562281
                                                                                                                                                                                                                                          • Opcode ID: 4afe078daea3ad5df394d0a962044eaf008b59984f3ff696577ffb95ab0c4951
                                                                                                                                                                                                                                          • Instruction ID: 5bc4099775f9ef6d4c12e362c21d0ebb363d764f27faa9441aac14b45b9d2c82
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4afe078daea3ad5df394d0a962044eaf008b59984f3ff696577ffb95ab0c4951
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B24177B1B0EA42E1EA638B35ED4017C63A8FB86794F944171DE5E47794DF2CE8568320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$String$Bytes_ClearDeallocLong_MemoryOccurredSequence_Tuple@@U_object@@Voidfreemallocmemset
                                                                                                                                                                                                                                          • String ID: Integer OID must have high order word clear
                                                                                                                                                                                                                                          • API String ID: 1899850966-606765175
                                                                                                                                                                                                                                          • Opcode ID: 68963b0df1b8cfc8be85e7d87409f999e7c3d002caaa80eceb2ffa582505da94
                                                                                                                                                                                                                                          • Instruction ID: 68dd2843117368e6914b8cdca000a24d55cf07b527a3f286a816760fc94ab6f3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68963b0df1b8cfc8be85e7d87409f999e7c3d002caaa80eceb2ffa582505da94
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A418F76A0AB42C2EB12EF25E45417977A8FB84F90B164172DE1D47748EF3CD866D320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Arg_DeallocKeywords_MemoryParseSequence_SizeStringTupleTuple@@U_object@@malloc
                                                                                                                                                                                                                                          • String ID: Object must be of type PyCERTSTORE$Object used to construct a CRYPT_DECRYPT_MESSAGE_PARA must be a dict$O|kk:CRYPT_DECRYPT_MESSAGE_PARA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object_U_object@@$Eval_SaveThread$Arg_CertErr_Error@@FreeKeywordsParseRestoreStoreStringTupleWin_
                                                                                                                                                                                                                                          • String ID: CertSaveStore: specified SaveTo parameter is not supported yet$PyCERTSTORE::CertSaveStore$kkkO|k:PyCERTSTORE::CertSaveStore
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$FormatUnicode_
                                                                                                                                                                                                                                          • String ID: Expected 'bytes', got '%s'$None is not a valid string in this context$value is larger than a DWORD
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_List_String
                                                                                                                                                                                                                                          • String ID: The certificate trust context has been closed
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Eval_Object_ThreadU_object@@$Arg_CertCheckDeallocEnumError@@FreeKeywordsList_OccurredParseRestoreSaveSequence_StoreStringSystemTupleWin_
                                                                                                                                                                                                                                          • String ID: CertEnumSystemStore$k|O:CertEnumSystemStore
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$Err_$FreeMem_$AllocCharFormatUnicode_Wide
                                                                                                                                                                                                                                          • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertCertificateContextErr_Error@@KeywordsParseRestoreSaveStringSubjectTupleU_object@@VerifyWin_
                                                                                                                                                                                                                                          • String ID: CertVerifySubjectCertificateContext$Object must be of type PyCERT_CONTEXT$Ok:CertVerifySubjectCertificateContext$The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 342392830-4012586357
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferBuildFreeFromLong_Mem_ReferenceValueView@@Voidmalloc
                                                                                                                                                                                                                                          • String ID: CertStore$ContentType$Context$FormatType$Msg$MsgAndCertEncodingType${s:k,s:k,s:k,s:N,s:N,s:N}
                                                                                                                                                                                                                                          • API String ID: 3158920082-3520626638
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Eval_Thread$Arg_CertCloseDeallocError@@KeywordsParseRestoreSaveStoreStringTupleU_object@@WarnWin_
                                                                                                                                                                                                                                          • String ID: Certificate store is already closed$PyCERTSTORE::CertCloseStore$The Flags param to CertCloseStore is deprecated; a non-zero value is likely to crash$|k:PyCERTSTORE::CertCloseStore
                                                                                                                                                                                                                                          • API String ID: 728906781-504232729
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadU_object@@$Arg_CertDeallocEnumErr_Error@@FreeKeywordsList_Mem_Object_OccurredParsePhysicalRestoreSaveStoreTupleWin_
                                                                                                                                                                                                                                          • String ID: CertEnumPhysicalStore$Ok:CertEnumPhysicalStore
                                                                                                                                                                                                                                          • API String ID: 3491648194-703072266
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC0AB
                                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC11A
                                                                                                                                                                                                                                          • PyUnicode_FromWideChar.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1CC
                                                                                                                                                                                                                                          • PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1EB
                                                                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC200
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC218
                                                                                                                                                                                                                                          • PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC22D
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC23C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Unicode_$BuildCharDeallocDecodeErr_ErrorFormatFreeFromLastLocalMessageObjectSizeValue_Wide
                                                                                                                                                                                                                                          • String ID: (iNN)$No error message is available$ignore
                                                                                                                                                                                                                                          • API String ID: 2848599001-37674240
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocErr_MemorySequence_Tuple@@U_object@@malloc
                                                                                                                                                                                                                                          • String ID: Object must be of type PyCERT_CONTEXT$The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 2500920456-1580614774
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertCertificateContextErr_Error@@KeywordsParseReferenceRestoreSaveStoreStringTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CertAddCertificateContextToStore$Object must be of type PyCERT_CONTEXT$Ok:CertAddCertificateContextToStore$The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 3115178827-3904690713
                                                                                                                                                                                                                                          • Opcode ID: 633acb078bbf3c90e220ae0fad0aba97a869c7f29781002646f2fb95aee5cc82
                                                                                                                                                                                                                                          • Instruction ID: 62c48bef415be959e288295e99a4dbd0a7eeedd98654df22eebccd08320727be
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 633acb078bbf3c90e220ae0fad0aba97a869c7f29781002646f2fb95aee5cc82
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C3187B2B0AB42C1EB02AF22F4506756765FB44BD4F484076DE4D03768DE3CE4AAD710
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertErr_Error@@KeywordsLinkParseReferenceRestoreSaveStoreStringTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CertAddCertificateLinkToStore$Object must be of type PyCERT_CONTEXT$Ok:CertAddCertificateLinkToStore$The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 2075955176-2827904824
                                                                                                                                                                                                                                          • Opcode ID: 10c386eca6322b0a89886dac6b3fdee227c2074334e3771e000f4419bbc6e788
                                                                                                                                                                                                                                          • Instruction ID: b8a655378b8eafb659acc591ade9700e830840dace287e898997bfc1dc6cfed7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10c386eca6322b0a89886dac6b3fdee227c2074334e3771e000f4419bbc6e788
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 203153B2B0AB46C1EB02AF22F4506756769FB84BD5F480076DE4D07768DE3CE4AAD710
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertContextErr_Error@@FromKeywordsLong_ParseReferenceRestoreSaveStoreStringTupleU_object@@VoidWin_
                                                                                                                                                                                                                                          • String ID: CertAddCTLContextToStore$Object must be of type PyCTL_CONTEXT$Ok:CertAddCTLContextToStore
                                                                                                                                                                                                                                          • API String ID: 4091638707-1852074204
                                                                                                                                                                                                                                          • Opcode ID: 298afc0992a9e264915c8ce7cc88d61e1e562ad450a2216d75597a4e3c5a28de
                                                                                                                                                                                                                                          • Instruction ID: b83f9266510693a34369aea3e42eb131577db02c9e151d85b24890d48e27495c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 298afc0992a9e264915c8ce7cc88d61e1e562ad450a2216d75597a4e3c5a28de
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B3132B660AB01C1EB029F21E85066963A5FB88BD5F480076DE4E43768DF3CE4AAD750
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertErr_Error@@FromKeywordsLinkLong_ParseReferenceRestoreSaveStoreStringTupleU_object@@VoidWin_
                                                                                                                                                                                                                                          • String ID: CertAddCTLLinkToStore$Object must be of type PyCTL_CONTEXT$Ok:CertAddCTLLinkToStore
                                                                                                                                                                                                                                          • API String ID: 4118693733-2167048104
                                                                                                                                                                                                                                          • Opcode ID: 9ac093f3347301472c4b224003ee9ee1201f5f29f522eff83e831e6f3bd5fecc
                                                                                                                                                                                                                                          • Instruction ID: 45ed07c6df9b21f9155d895cc1d675436bc634476c170c98294601c48937ed3d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ac093f3347301472c4b224003ee9ee1201f5f29f522eff83e831e6f3bd5fecc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 333142B2706B41C1EB029F22E8505796365FB88BD5F484171DE4E43768DF3CE4AAD710
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: From$Bytes_DecodeObject_SizeStringU_object@@Unicode_
                                                                                                                                                                                                                                          • String ID: ObjId$Value$ValueType${s:s, s:k, s:N}
                                                                                                                                                                                                                                          • API String ID: 3087831822-1124644876
                                                                                                                                                                                                                                          • Opcode ID: c0b9a7f22bdf30f6073f6549b9224d6f407f286834aeaa5365f259869970dba7
                                                                                                                                                                                                                                          • Instruction ID: 9242a1eebdf9284a660bb794924cd4e289c6aca38f2495581955ec4b60aefa1d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0b9a7f22bdf30f6073f6549b9224d6f407f286834aeaa5365f259869970dba7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C3185B1E0AB42C5DB11EF61E45457927A8EB84B80F080072EE4D43B58DF3CE467D720
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferBuildFreeMem_ReferenceValueView@@malloc
                                                                                                                                                                                                                                          • String ID: CertStore$ContentType$Context$FormatType$Msg$MsgAndCertEncodingType${s:k,s:k,s:k,s:N,s:N,s:N}
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferView@@$Eval_Thread$Arg_Bool_FreeFromKeywordsLongMem_Object_ParsePasswordRestoreSaveTupleU_object@@U_object@@_Verify
                                                                                                                                                                                                                                          • String ID: OOk:PFXVerifyPassword
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Long$Occurred$DeallocLong_$ClearFormatNumber_Unsigned
                                                                                                                                                                                                                                          • String ID: Unable to convert %s to pointer-sized value
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FromLong_Void$BufferBuildFreeMem_ReferenceValueView@@
                                                                                                                                                                                                                                          • String ID: CertStore$ContentType$Context$FormatType$Msg$MsgAndCertEncodingType${s:k,s:k,s:k,s:N,s:N,s:N}
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildValue_$Bytes_DeallocFromStringTuple_
                                                                                                                                                                                                                                          • String ID: PolicyIdentifier$PolicyQualifier$PolicyQualifierId$Qualifier${s:s, s:N}${s:s,s:N}
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: State_SwapThread$ErrorFatalFunc$AllocLocalValue
                                                                                                                                                                                                                                          • String ID: Out of memory allocating thread state.$PyWinInterpreterState_Ensure$pywintypes: can not setup interpreter state, as current state is invalid
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$Arg_Keywords_ParseSizeTuple
                                                                                                                                                                                                                                          • String ID: CRYPT_SIGN_MESSAGE_PARA: HashAuxInfo parm not yet supported$CRYPT_SIGN_MESSAGE_PARA: MsgCrl parm not yet supported$OO|OOOOOkkk:CRYPT_SIGN_MESSAGE_PARA$Object must be of type PyCERT_CONTEXT$Object used to construct CRYPT_VERIFY_MESSAGE_PARA structure must be a dict$The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 1444107868-2519308533
                                                                                                                                                                                                                                          • Opcode ID: 98e464784276a59d2b0b045435c86bcef1f0ce8fdc3807a90172b2d791ad2536
                                                                                                                                                                                                                                          • Instruction ID: 733e52dca1d86c882bdde9934611f042adbaf01e73289b6da3f4eedce74e7f0b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 98e464784276a59d2b0b045435c86bcef1f0ce8fdc3807a90172b2d791ad2536
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A512BB2A0AB86C1EB219F30E4903A973A9FB84744F505172DE4C47668EF3CD5AAD750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: SizeUnicode_$Arg_BuildCharDeallocDecodeErr_FormatFromMessageObjectParseTuple_Value_Widewsprintf
                                                                                                                                                                                                                                          • String ID: COM Error 0x%x$iNzz
                                                                                                                                                                                                                                          • API String ID: 4068968878-4252557710
                                                                                                                                                                                                                                          • Opcode ID: 73344a6563c35f489327fd1dff94f929dc162270d8c375d61b3fe3ba2a73dca4
                                                                                                                                                                                                                                          • Instruction ID: 7f2a8501c339cc793cd716083f2723cbf81ecccdbd6821bf55dd3d1427c93c00
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73344a6563c35f489327fd1dff94f929dc162270d8c375d61b3fe3ba2a73dca4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D64187A1A0A682D2EB638B34EC5437A63A8FF86790F404176DE5D426A4DF3CD8478714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32 ref: 00007FFBAA1EC73D
                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32 ref: 00007FFBAA1EC76F
                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32 ref: 00007FFBAA1EC7A2
                                                                                                                                                                                                                                          • PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFBAA1EC7DB
                                                                                                                                                                                                                                          • PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFBAA1EC7E8
                                                                                                                                                                                                                                          • PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFBAA1EC7F5
                                                                                                                                                                                                                                          • PyLong_FromUnsignedLong.PYTHON312 ref: 00007FFBAA1EC802
                                                                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312 ref: 00007FFBAA1EC840
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC0AB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC11A
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC200
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC218
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC22D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC23C
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EA170: PyObject_GetAttrString.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAA1E99ED), ref: 00007FFBAA1EA1B4
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EA170: _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAA1E99ED), ref: 00007FFBAA1EA213
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$FromLongLong_Unsigned$FileSystem$BuildDeallocSizeValue_$AttrDecodeErr_ErrorFormatFreeLastLocalMessageObjectObject_StringUnicode_
                                                                                                                                                                                                                                          • String ID: FileTimeToSystemTime$lNNNNNNNuu
                                                                                                                                                                                                                                          • API String ID: 198253700-4021486075
                                                                                                                                                                                                                                          • Opcode ID: 1656004b36c4f6e3bc16a1197bf51eb6bde67187bf5cbc8a341de0f46233e049
                                                                                                                                                                                                                                          • Instruction ID: 1e539c1344cee5273c1341db6d1b17ddf93e0f69f1315419f11ad5a6210a6493
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1656004b36c4f6e3bc16a1197bf51eb6bde67187bf5cbc8a341de0f46233e049
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47416F76A0AA81E1E663DB21E8445AE73A8FB8A780F454076DE9D42754EF3CD84BC710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferEval_ThreadView@@$Arg_CertCertificateEncodedError@@KeywordsParseRestoreSaveStoreTupleU_object@@U_object@@_Win_
                                                                                                                                                                                                                                          • String ID: PyCERTSTORE::CertAddEncodedCertificateToStore$kOk:CertAddEncodedCertificateToStore
                                                                                                                                                                                                                                          • API String ID: 3039583314-3378692726
                                                                                                                                                                                                                                          • Opcode ID: 85bfe71ad00585f58138ad011e0596d0c86a4ebad7124706af7093a30b0d8a95
                                                                                                                                                                                                                                          • Instruction ID: 443b566b95bf684236da949500f081f38db8df7e3e60de9748dd02217e4ddedf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85bfe71ad00585f58138ad011e0596d0c86a4ebad7124706af7093a30b0d8a95
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3341D275A09B81C2E7119F21F490A6A7369FB88BC0F144176DE4D43B18DF3CE56AD750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$Err_$CharUnicode_Wide
                                                                                                                                                                                                                                          • String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                          • API String ID: 3849944921-1275048830
                                                                                                                                                                                                                                          • Opcode ID: 707c45b96feac0c59aa52d167ab1cc9c607e83381189aed7103ba1a0e6978a90
                                                                                                                                                                                                                                          • Instruction ID: 9a93fa9d2aa1d39662b141af6a13bb7f76851278c42ecbd812b20aa408911b13
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 707c45b96feac0c59aa52d167ab1cc9c607e83381189aed7103ba1a0e6978a90
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A3133B1A1BA82E1EB97CF25E88017C6364FB89B94F545072EE4D47754DF2CDC4A8710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_List_String
                                                                                                                                                                                                                                          • String ID: The certificate trust context has been closed
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object_$Eval_FreeThreadU_object@@$Arg_CertError@@KeywordsParseRestoreSaveStoreSystemTupleUnregisterWin_
                                                                                                                                                                                                                                          • String ID: CertUnregisterSystemStore$Ok:CertUnregisterSystemStore
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • pvPara must be represented as a sequence of (PyHKEY, string/unicode), xrefs: 00007FFBAA2168A1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Sequence_$DeallocItemObject_U_object@@$CheckErr_SizeStringY__@@@
                                                                                                                                                                                                                                          • String ID: pvPara must be represented as a sequence of (PyHKEY, string/unicode)
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyObject_GetAttrString.PYTHON312 ref: 00007FFBAA1EBCEC
                                                                                                                                                                                                                                          • PyErr_Clear.PYTHON312 ref: 00007FFBAA1EBCFA
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB65
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB73
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB81
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB90
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB9B
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBA4
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBB3
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBC7
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBE6
                                                                                                                                                                                                                                          • PyCallable_Check.PYTHON312 ref: 00007FFBAA1EBD08
                                                                                                                                                                                                                                          • PyObject_CallObject.PYTHON312 ref: 00007FFBAA1EBD17
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON312 ref: 00007FFBAA1EBD29
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON312 ref: 00007FFBAA1EBD5F
                                                                                                                                                                                                                                          • PyErr_Clear.PYTHON312 ref: 00007FFBAA1EBD69
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312 ref: 00007FFBAA1EBD80
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Long$ClearDeallocOccurred$Long_Object_String$AttrCallCallable_CheckFormatNumber_ObjectUnsigned
                                                                                                                                                                                                                                          • String ID: Expected a socket object or numeric socket handle$fileno
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Object_$AttrCallImportImport_MethodModuleStringTuple_
                                                                                                                                                                                                                                          • String ID: TimeZoneInfo$utc$win32timezone
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertDeallocEnumErr_Error@@KeywordsList_LocationOccurredParseRestoreSaveStoreSystemTupleU_object@@Win_
                                                                                                                                                                                                                                          • String ID: CertEnumSystemStoreLocation$|k:CertEnumSystemStoreLocation
                                                                                                                                                                                                                                          • API String ID: 1777273059-4282623423
                                                                                                                                                                                                                                          • Opcode ID: 3d960c4faeb7069bc676d73643ddfab40c0284c1adb08696be3b56f9014fe064
                                                                                                                                                                                                                                          • Instruction ID: d48affca2c9daa570d2df59b042c7e57210020156ccbb29d065b3c1299906a1f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d960c4faeb7069bc676d73643ddfab40c0284c1adb08696be3b56f9014fe064
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A91190B4A0AB52C1EB12AB71F45457963A8BF48BD0F0400B2CD4D03768DE3CE56BD710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2721214197.00007FFBAA121000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA120000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721195452.00007FFBAA120000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721230705.00007FFBAA123000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721246765.00007FFBAA125000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa120000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: b665e2aa0a1aafc407c8626279c8168d645185ea6c4bd927f3a78105dbac7c58
                                                                                                                                                                                                                                          • Instruction ID: 4aed53e647531d87c6ff9b954e82e40c9ff481836b087e2c7f19834ba1be41d7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b665e2aa0a1aafc407c8626279c8168d645185ea6c4bd927f3a78105dbac7c58
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0819DF1E0A247E6FA63DB75E4612B92299AF47780F1440B5DE4C83796DE3CE44F8620
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2721145672.00007FFBAA111000.00000020.00000001.01000000.0000002F.sdmp, Offset: 00007FFBAA110000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721130032.00007FFBAA110000.00000002.00000001.01000000.0000002F.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721162728.00007FFBAA113000.00000002.00000001.01000000.0000002F.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721178652.00007FFBAA115000.00000002.00000001.01000000.0000002F.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa110000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: b665e2aa0a1aafc407c8626279c8168d645185ea6c4bd927f3a78105dbac7c58
                                                                                                                                                                                                                                          • Instruction ID: 3d6a222fd07b72bd658b8f27ced7eda4378b8c62d033bd7715fb0b5ccba3320e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b665e2aa0a1aafc407c8626279c8168d645185ea6c4bd927f3a78105dbac7c58
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E819EE4E1E247E6F6939B75D4412B9AE99AF47B80F5440BFDD0C43796DE2CE4038620
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2721782896.00007FFBAA191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFBAA190000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721766538.00007FFBAA190000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721801582.00007FFBAA192000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721820820.00007FFBAA194000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa190000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: b83bcfdbda2627b91fecea52bb080c46b8b041ebfc422aeaa466320814e2d747
                                                                                                                                                                                                                                          • Instruction ID: 141f505a8e7510e45b31b835660e1f735f97007d688a595f71ed786f2a1efd9c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b83bcfdbda2627b91fecea52bb080c46b8b041ebfc422aeaa466320814e2d747
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19815BA1E0A242E6F693AB76D4813BD539DAF47780F5844B5DE0D83796DF2CE483C620
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2721348074.00007FFBAA141000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFBAA140000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721331278.00007FFBAA140000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721365877.00007FFBAA143000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721384327.00007FFBAA144000.00000004.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721401219.00007FFBAA145000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa140000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: 901c4ed8dfb2fa8bec28092366649e101174f81302d3072108d76d4d737ca59f
                                                                                                                                                                                                                                          • Instruction ID: 586fa19bf197e40555987e195f8dadc5ab210c5edfbaa60e15b2d272f6a42108
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 901c4ed8dfb2fa8bec28092366649e101174f81302d3072108d76d4d737ca59f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2881ACF0E9A243E7F653AB7DD4412B9269DAF87B80F1440B5DE0D83796DE2CE4078620
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: 835bbe5b0b90874ad59693feb0988abd7f6f61f1015cdd76da9fac53434a864d
                                                                                                                                                                                                                                          • Instruction ID: 76c2ddd56e441c5296490df0af0c87a01a9ca2390be5da31b80460c89c706965
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 835bbe5b0b90874ad59693feb0988abd7f6f61f1015cdd76da9fac53434a864d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA81C2B1E0E343C6F652BB75D4512B52A98AF84780F5440B7DE2D4379EDF2CE827A620
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ReadyType_$Module_$Create2DictEnsure@@Globals_Tuple_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 740114199-0
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Eval_Object_ThreadU_object@@$Arg_CertCheckErr_Error@@FreeKeywordsParseRegisterRestoreSaveSequence_StoreStringSystemTupleWin_
• String ID: CertRegisterSystemStore$Ok:CertRegisterSystemStore
• API String ID: 285079833-494802307
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Eval_Thread$Arg_CertCollectionErr_Error@@KeywordsParseRestoreSaveStoreStringTupleU_object@@Win_
• String ID: CertAddStoreToCollection$Object must be of type PyCERTSTORE$O|kk:CertAddStoreToCollection
• API String ID: 1239160312-826948340
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: From$Bool_BuildBytes_LongSizeStringTuple_Value
• String ID: Critical$ObjId$Value${s:s,s:N,s:N}
• API String ID: 3744456896-3786422732
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_Buffer_Err_ParseReleaseSizeStringTuple_
• String ID: Buffer cannot be None$Buffer length can be at most %d characters
• API String ID: 2872489292-686265896
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
Similarity
• API ID: Eval_Thread$BufferCertCertificateContextErr_Error@@FreeLongLong_Object_OccurredPropertyRestoreSaveU_object@@UnsignedView@@Win_
• String ID: CertSetCertificateContextProperty
• API String ID: 2928820455-430795800
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFatalFuncValue$AllocLocalState_Thread
                                                                                                                                                                                                                                          • String ID: Can not setup thread state, as have no interpreter state$Out of memory allocating thread state.$PyWinThreadState_Ensure
                                                                                                                                                                                                                                          • API String ID: 1925565299-3250566352
                                                                                                                                                                                                                                          • Opcode ID: 81a627f479a4f4e6372c1f023ffb07668953bc081b3a4ff38f78ee2adcd5121e
                                                                                                                                                                                                                                          • Instruction ID: 9197ec0888765d3ae367e2f126be44617019065e17c576a790d4f27c9f96f2f3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81a627f479a4f4e6372c1f023ffb07668953bc081b3a4ff38f78ee2adcd5121e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9211BEB4A0FA42E2EA979F24EC902682368BF55704F4444B6CD0D57264EE7DFD5A8720
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Buffer_Err_Release$BufferFormatFreeMem_Object_String
                                                                                                                                                                                                                                          • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                          • API String ID: 1675121998-686265896
                                                                                                                                                                                                                                          • Opcode ID: 36a83c9242e7e84fc00db936510af87f0f82ecc5178088cf441a11d5fdfb1027
                                                                                                                                                                                                                                          • Instruction ID: 33f76a6f5ee6439a38ae108094780d56385d090f6d83da44dc1906a67ef6ee4b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a83c9242e7e84fc00db936510af87f0f82ecc5178088cf441a11d5fdfb1027
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A43121A1A0AA51D1EBA78F35E8803382364FF85B54F445072DD5D476A8DF3CEC9AC750
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_ThreadU_object@@$Arg_CertControlError@@KeywordsObject_ParseRestoreSaveStoreTupleWin_
                                                                                                                                                                                                                                          • String ID: CertControlStore$kkO:CertControlStore
                                                                                                                                                                                                                                          • API String ID: 2053635168-113208596
                                                                                                                                                                                                                                          • Opcode ID: e1665dd52756a6bb5379aa5031db5c7b66e1ddc10190df535098779e1e7791b3
                                                                                                                                                                                                                                          • Instruction ID: ef0ade0fdd2e3134608c15e0bf3e9ffa18dadc08801bf0f578d86244d092707b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1665dd52756a6bb5379aa5031db5c7b66e1ddc10190df535098779e1e7791b3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52213EB1B09B05C1EB019F66E89446933A9FB84BD0B540176DE5E43728DF3DE4AAD710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Object_ThreadU_object@@$BufferCertCertificateContextE@@@Error@@FreePropertyRestoreSaveView@@Win_
                                                                                                                                                                                                                                          • String ID: CertSetCertificateContextProperty
                                                                                                                                                                                                                                          • API String ID: 2839949420-430795800
                                                                                                                                                                                                                                          • Opcode ID: cd4a22de232935c4551e60f96e6fd2d1b7a3e280d5735cb79b9b62dd666cbd74
                                                                                                                                                                                                                                          • Instruction ID: a5f7d3522b1dbe27e580062cf17c8fb6fe8a5807c0569a35a397a90e595fc707
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd4a22de232935c4551e60f96e6fd2d1b7a3e280d5735cb79b9b62dd666cbd74
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD217CB6B0A742C5E766AF75D46447C2769FB44B84B0400B2DE0E5376CDE38E82BE320
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Object_ThreadU_object@@$BufferCertCertificateContextError@@FreePropertyRestoreSaveView@@Win_
                                                                                                                                                                                                                                          • String ID: CertSetCertificateContextProperty
                                                                                                                                                                                                                                          • API String ID: 1244965724-430795800
                                                                                                                                                                                                                                          • Opcode ID: 9e134f5eb02bdcca9df14db372a070e58457e34017cec55f7ee906a1eaa94e11
                                                                                                                                                                                                                                          • Instruction ID: 4bd62f4f18d8aaef0adfdb8eff1c21d21b939bfa9bcc26243c62613bc3487daf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e134f5eb02bdcca9df14db372a070e58457e34017cec55f7ee906a1eaa94e11
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B1190B6B0A742C6E766EF35D4649BC2769EB44784B0400B2DE0F5375CDE38E81AD720
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferEval_ThreadView@@$?init@CertCertificateContextError@@FreeObject_PropertyRestoreSaveU_object@@U_object@@_Win_
                                                                                                                                                                                                                                          • String ID: CertSetCertificateContextProperty
                                                                                                                                                                                                                                          • API String ID: 1617547322-430795800
                                                                                                                                                                                                                                          • Opcode ID: f27181a7de84c328d29fba2eb0f6b290ac4dc65668c650c412085dbecc3828c4
                                                                                                                                                                                                                                          • Instruction ID: ac92339da31bb0725f267ff953478d30dd41fc139444ecb1c9d2d17ea5152395
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f27181a7de84c328d29fba2eb0f6b290ac4dc65668c650c412085dbecc3828c4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1311B476B06741CAE762EF35E4A49BC3769EB44B84B0400B1DE0E53B5CDE38E91AD710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocObject_$AttrBuildCallSizeStringTuple_Value
                                                                                                                                                                                                                                          • String ID: (s)$strftime
                                                                                                                                                                                                                                          • API String ID: 4125559156-1254993691
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                          • String ID: (ii)$:GetSecurityDescriptorControl$GetSecurityDescriptorControl$GetSecurityDescriptorControl - invalid sd
                                                                                                                                                                                                                                          • API String ID: 1292091245-2499011972
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$BufferCertErr_ErrorFreeLastObject_OpenRestoreSaveStoreView@@Warn
                                                                                                                                                                                                                                          • String ID: Para ignored for CERT_STORE_PROV_MEMORY
                                                                                                                                                                                                                                          • API String ID: 1900364133-3327432420
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$CertErr_Error@@IntendedRestoreSaveStringU_object@@UsageWin_
                                                                                                                                                                                                                                          • String ID: CertGetIntendedKeyUsage$The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 1728261811-2907928091
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$Bytes_FromString$BuildValue_
                                                                                                                                                                                                                                          • String ID: CertIssuer$CertSerialNumber$KeyId${s:N, s:N, s:N}
                                                                                                                                                                                                                                          • API String ID: 2781604664-3203442839
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                          • String ID: ExtraInfo$GroupId$Name$OID$Value${s:s,s:u,s:k,s:k,s:N}
                                                                                                                                                                                                                                          • API String ID: 1860207225-1172115252
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 349153199-0
                                                                                                                                                                                                                                          • Opcode ID: 70f854044df5acb2ce3175ee53db70c69d323c809d2866dc920b2ba8ef5ec66e
                                                                                                                                                                                                                                          • Instruction ID: 8d6aebafe5b5d58bd32e2acbe34a93a1058dfb5fe06469575d8028991b5c1e72
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70f854044df5acb2ce3175ee53db70c69d323c809d2866dc920b2ba8ef5ec66e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F181AEA0E0E743F6F6A7AB75D4406B96699AF87780F0880B5DD4D433D6DF2CE8478620
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • LARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FFBAA1E63FE
                                                                                                                                                                                                                                          • Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FFBAA1E63C1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Long$Arg_Long_OccurredParseStringTupleWarn
                                                                                                                                                                                                                                          • String ID: LARGE_INTEGER must be 'int', or '(int, int)'$Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead
                                                                                                                                                                                                                                          • API String ID: 3944559157-3919795897
                                                                                                                                                                                                                                          • Opcode ID: 59b4d8ec125ac6524fe44f67723db926a36914beee4ad5eee682b635ad582c84
                                                                                                                                                                                                                                          • Instruction ID: d8bdd68dc71426332ae8ca19ac438194f7b13721b8560bc347d1109fd9b8a63e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59b4d8ec125ac6524fe44f67723db926a36914beee4ad5eee682b635ad582c84
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E215571B09A81D1EB528F29F88016D6374FB89BD4F445172EF5D43768DE2CD88AC710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312 ref: 00007FFBAA1E5958
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB65
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB73
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB81
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB90
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB9B
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBA4
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBB3
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBC7
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBE6
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312 ref: 00007FFBAA1E5999
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32 ref: 00007FFBAA1E59AC
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Long$Occurred$Long_String$ClearCloseDeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                          • String ID: HANDLE must be a PyHKEY$PyHKEY$RegCloseKey$The object is not a PyHANDLE object
                                                                                                                                                                                                                                          • API String ID: 3516211060-2695813183
                                                                                                                                                                                                                                          • Opcode ID: d69c62bc09f853d0e6f1f910dfc9cb01cdd64d02257b89517463281ab8676dbe
                                                                                                                                                                                                                                          • Instruction ID: 05894bb3215495f71dc2093074ac4df5ac0adcc9866c2ed5be50291ef62accb9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d69c62bc09f853d0e6f1f910dfc9cb01cdd64d02257b89517463281ab8676dbe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5521B195B1A942D1EB538B31D89007D239AEF85BA4F445076DE4E47254DF6CDD8FC320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocErr_StringUnicode_strcmp
                                                                                                                                                                                                                                          • String ID: SECURITY_DESCRIPTOR$The object is not a PySECURITY_DESCRIPTOR object$can't delete SECURITY_ATTRIBUTES attributes
                                                                                                                                                                                                                                          • API String ID: 2499284733-1426751177
                                                                                                                                                                                                                                          • Opcode ID: 80ea741ab7d6b184c6713a1cdd19ccf7cb0727e26e110be3e3f3ef5f66facdf7
                                                                                                                                                                                                                                          • Instruction ID: 045b079f31828eb05c4c83879058a1c6791930af5bbf2f3b1e3472207884c866
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80ea741ab7d6b184c6713a1cdd19ccf7cb0727e26e110be3e3f3ef5f66facdf7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 092135B5A0AA82E1FE97CB35E84003863A8FB46BD4F4451B2DE1D47755DF2CE9578320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • lllO, xrefs: 00007FFBAA1E2354
                                                                                                                                                                                                                                          • EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}, xrefs: 00007FFBAA1E238E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
                                                                                                                                                                                                                                          • String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$lllO
                                                                                                                                                                                                                                          • API String ID: 959004690-1584370844
                                                                                                                                                                                                                                          • Opcode ID: cc2ae5c7b83a6cc19aa222611215686e05a02c5e12874075675e02da708e2e6c
                                                                                                                                                                                                                                          • Instruction ID: a952c94ea930b476dfce968f89ec4adc5d1ebae0d4f47b3c1e70f3bad28a851e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc2ae5c7b83a6cc19aa222611215686e05a02c5e12874075675e02da708e2e6c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 602161B2A09B81D2DA578F21E80017D73A4FB89B94F044276EE4E07B14EF7CE999C740
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Buffer_Err_Release$BufferFormatObject_String
                                                                                                                                                                                                                                          • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                          • API String ID: 1670810688-686265896
                                                                                                                                                                                                                                          • Opcode ID: 2eb95f7d662f013894336c9492278a8ccab15d0d485027fc4128c6d3b10bfa47
                                                                                                                                                                                                                                          • Instruction ID: 522d15e1b3d4484e440d5a7c6e7d2168b1ca6b39baa0730ae3df7708bb0aa746
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2eb95f7d662f013894336c9492278a8ccab15d0d485027fc4128c6d3b10bfa47
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED2151A160AA82D4EBA78F35E85023963A8EB86F94F148472DD5D477A4DF3CDC46C360
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • ULARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FFBAA1E64CA
                                                                                                                                                                                                                                          • Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FFBAA1E64EE
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Long$Arg_Long_OccurredParseStringTupleUnsignedWarn
                                                                                                                                                                                                                                          • String ID: Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead$ULARGE_INTEGER must be 'int', or '(int, int)'
                                                                                                                                                                                                                                          • API String ID: 507489655-1767028231
                                                                                                                                                                                                                                          • Opcode ID: 5e223d211314823cd4219e8a22ccae8685cd212fbaa4b10fe60fb3027d068c0b
                                                                                                                                                                                                                                          • Instruction ID: 0383948633667142c8674ee9a83541c1f3ade021edb011950c5aedb71a545038
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e223d211314823cd4219e8a22ccae8685cd212fbaa4b10fe60fb3027d068c0b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7321DDB1709A82D1EB928F29F88017C63A4FB49794F445172DE2D47664EF3CDC99C710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertCollectionErr_FromKeywordsParseRemoveRestoreSaveStoreStringTuple
                                                                                                                                                                                                                                          • String ID: O:CertRemoveStoreFromCollection$Object must be of type PyCERTSTORE
                                                                                                                                                                                                                                          • API String ID: 774358558-3549291170
                                                                                                                                                                                                                                          • Opcode ID: e02bc9f5334d682bb5f1c7c4bc9ad87889e86c0fff2a1a11bef5164bfba2576c
                                                                                                                                                                                                                                          • Instruction ID: a18cc68939f0eb7bfc72b9d4ad68f80146890a5d25efaf6da992ec206d0d5f4b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e02bc9f5334d682bb5f1c7c4bc9ad87889e86c0fff2a1a11bef5164bfba2576c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41111DB5A0AB42C1EB02AB66F8544296379FB84BC0B5440B2DD4D43768DF3CE46AD310
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$Bytes_FormatSize
                                                                                                                                                                                                                                          • String ID: Attributes of PyDEVMODEW can't be deleted$Length of DriverData cannot be longer that DriverExtra (%d bytes)
                                                                                                                                                                                                                                          • API String ID: 1818008259-1897733207
                                                                                                                                                                                                                                          • Opcode ID: 982261d07047ae27cc783b36b5d868306bdb719e0c94ce6eb0d46070b68470d5
                                                                                                                                                                                                                                          • Instruction ID: 72e929cf2d43d4320dc3d28e675d32cfcc6824471a06f1c6b6cf208abeb52ad3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 982261d07047ae27cc783b36b5d868306bdb719e0c94ce6eb0d46070b68470d5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4611CAE1F06A82D1EA578B75D8500782365EF86BA0F144172DD2D477B4EE2CD8DAC310
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Authority$Arg_CountErr_FromLongLong_ParseSizeStringTuple_
                                                                                                                                                                                                                                          • String ID: The index is out of range$i:GetSubAuthority
                                                                                                                                                                                                                                          • API String ID: 3635565364-2602025648
                                                                                                                                                                                                                                          • Opcode ID: ab6d8fd439d6b02b6a007d953e9cdef31c4b5c51f63db0275b9e0d2e0d69a080
                                                                                                                                                                                                                                          • Instruction ID: a7d8fceeb87c054125e63c9101852af9dd2c68c4957fdacbd7d79ee9e4893b27
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab6d8fd439d6b02b6a007d953e9cdef31c4b5c51f63db0275b9e0d2e0d69a080
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71F0FFA5B0A682E2EA579B71E84447C6369EF86B91B444072CD5E06710EE2DEC9EC720
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Bool_FromLong$BuildSizeValue_
                                                                                                                                                                                                                                          • String ID: PathLenConstraint$fCA$fPathLenConstraint${s:N, s:N, s:k}
                                                                                                                                                                                                                                          • API String ID: 3942119401-3721055901
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: free$DeallocErr_MemorySequence_Tuple@@U_object@@malloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2165968868-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurityfree$DaclGroupOwnerSacl
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1788430091-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • |kOOO:CRYPT_VERIFY_MESSAGE_PARA, xrefs: 00007FFBAA217B37
                                                                                                                                                                                                                                          • Object used to construct CRYPT_VERIFY_MESSAGE_PARA structure must be a dict or None, xrefs: 00007FFBAA217B04
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Arg_Keywords_MemoryParseSizeStringTuplemalloc
                                                                                                                                                                                                                                          • String ID: Object used to construct CRYPT_VERIFY_MESSAGE_PARA structure must be a dict or None$|kOOO:CRYPT_VERIFY_MESSAGE_PARA
                                                                                                                                                                                                                                          • API String ID: 3503287059-4156433631
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String$Arg_Keywords_ParseSizeTuple
                                                                                                                                                                                                                                          • String ID: EncryptionAuxInfo must be None$Object used to construct a CRYPT_ENCRYPT_MESSAGE_PARA must be a dict$O|OOkkk:CRYPT_DECRYPT_MESSAGE_PARA
                                                                                                                                                                                                                                          • API String ID: 1444107868-2361109964
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CallDeallocErr_FormatMethodObject_SubtypeType_
                                                                                                                                                                                                                                          • String ID: astimezone$must be a pywintypes time object (got %s)
                                                                                                                                                                                                                                          • API String ID: 244768906-1654730096
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                          • String ID: :GetSecurityDescriptorDacl$GetSecurityDescriptorDacl$SetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                          • API String ID: 1292091245-161903415
                                                                                                                                                                                                                                          • Opcode ID: 47e204642db6640a9c9c5f42fc2bbdc1d812443fe2b31ebd05fa51a62c3ac94c
                                                                                                                                                                                                                                          • Instruction ID: a0fbf15defe31cea7d81b7697a8a404802b968b6dabee1c584f558b6bec28a0f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 47e204642db6640a9c9c5f42fc2bbdc1d812443fe2b31ebd05fa51a62c3ac94c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 221163D5A0A542E2EB578B35E8402B96364AFC5744F484472CD1D462A5EE2CD99BC720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                          • String ID: :GetSecurityDescriptorSacl$GetSecurityDescriptorSacl$GetSecurityDescriptorSacl - invalid sd
                                                                                                                                                                                                                                          • API String ID: 1292091245-3167575759
                                                                                                                                                                                                                                          • Opcode ID: eda0f0d636285a1688c3aed3a31db8cfa39383af60a5d4deb98f50818e958fbb
                                                                                                                                                                                                                                          • Instruction ID: e762aad94a1912f1f50937b1a0f421e3661244475081e6e9436f760669b699ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eda0f0d636285a1688c3aed3a31db8cfa39383af60a5d4deb98f50818e958fbb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F1193D9E0A542E1EB578B35E8002B96364AFC5784F480072CD1D422A1EE2CD99AC620
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLastValidmalloc
                                                                                                                                                                                                                                          • String ID: PySID:$PySID: Invalid SID
                                                                                                                                                                                                                                          • API String ID: 814871005-2976353951
                                                                                                                                                                                                                                          • Opcode ID: 79f643a53b61f72d234d5fd2a4f80076a33712498731b2b7e024394af7ebc535
                                                                                                                                                                                                                                          • Instruction ID: 4599a25ce78f29e8c062ef972200cdfbcb1f51f9bc2942c2104436ec5609d6f9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79f643a53b61f72d234d5fd2a4f80076a33712498731b2b7e024394af7ebc535
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF2107E5A1AAC1D2DA978B21E5401BCB3A5FB45BE0F445172DE6D03390EF3CD89AC710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                          • String ID: :GetSecurityDescriptorGroup$GetSecurityDescriptorGroup$GetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                          • API String ID: 1292091245-1740808346
                                                                                                                                                                                                                                          • Opcode ID: 1cfadc0fcdcf666d0f5f1b4dba48cf5ccd64742d80ab32fcdbb67db2515e5fcb
                                                                                                                                                                                                                                          • Instruction ID: 58283f6aa277875b0e57ffaac9c3bce38b1e33aa0b947446941efbdb81ab7549
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1cfadc0fcdcf666d0f5f1b4dba48cf5ccd64742d80ab32fcdbb67db2515e5fcb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B31186D5F0A642E1FB578B36EC412B92364EFC6784F4850B2CD1D46265FE2CD99A8320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferEval_ThreadView@@$?init@CertErr_ErrorError@@FreeFromLastLong_Object_OpenReferenceRestoreSaveStoreStringU_object@@U_object@@_VoidWin_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3959075145-0
                                                                                                                                                                                                                                          • Opcode ID: 735bb013023945f98a00cd79af536277f0328b45b4fff663fcd9f338c59b4beb
                                                                                                                                                                                                                                          • Instruction ID: b61974fea4cad90eaff35de31da0dcb5cfd34a9158dde86a7eab04e5a5112c54
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 735bb013023945f98a00cd79af536277f0328b45b4fff663fcd9f338c59b4beb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11211D75B0AB42C9E726AF71E4506AC3779EB44B88B0501B6CE0D63B5CDE38D42B9360
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyArg_ParseTuple.PYTHON312 ref: 00007FFBAA1E420E
                                                                                                                                                                                                                                          • GetAuditedPermissionsFromAclW.ADVAPI32 ref: 00007FFBAA1E423E
                                                                                                                                                                                                                                          • Py_BuildValue.PYTHON312 ref: 00007FFBAA1E4268
                                                                                                                                                                                                                                          • PyMem_Free.PYTHON312 ref: 00007FFBAA1E4282
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC0AB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC11A
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC200
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC218
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC22D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC23C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BuildFree$Arg_AuditedDeallocDecodeErr_ErrorFormatFromLastLocalMem_MessageObjectParsePermissionsSizeTupleUnicode_ValueValue_
                                                                                                                                                                                                                                          • String ID: GetAuditedPermissionsFromAcl$O:GetAuditedPermissionsFromAcl
                                                                                                                                                                                                                                          • API String ID: 1813498087-1982696749
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BufferView@@$?init@Arg_Err_Keywords_ParseSizeStringTupleU_object@@_
                                                                                                                                                                                                                                          • String ID: Object used to construct a CRYPT_BIT_BLOB must be a dict$Ok:CRYPT_BIT_BLOB
                                                                                                                                                                                                                                          • API String ID: 1863331557-1057895879
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$BufferBuffer_FormatObject_ReleaseString
                                                                                                                                                                                                                                          • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                          • API String ID: 3539591379-686265896
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyArg_ParseTuple.PYTHON312 ref: 00007FFBAA1E414A
                                                                                                                                                                                                                                          • GetEffectiveRightsFromAclW.ADVAPI32 ref: 00007FFBAA1E4175
                                                                                                                                                                                                                                          • Py_BuildValue.PYTHON312 ref: 00007FFBAA1E419A
                                                                                                                                                                                                                                          • PyMem_Free.PYTHON312 ref: 00007FFBAA1E41B4
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC0AB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC11A
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC200
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC218
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC22D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC23C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BuildFree$Arg_DeallocDecodeEffectiveErr_ErrorFormatFromLastLocalMem_MessageObjectParseRightsSizeTupleUnicode_ValueValue_
                                                                                                                                                                                                                                          • String ID: GetEffectiveRightsFromAcl$O:GetEffectiveRightsFromAcl
                                                                                                                                                                                                                                          • API String ID: 2032167972-568366055
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Object_ThreadU_object@@$BufferCertErr_ErrorError@@FreeFromLastLong_OpenReferenceRestoreSaveStoreStringView@@VoidWin_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 504009513-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Object_Thread$BufferCertErrorFreeLastOpenRestoreSaveStoreU_object@@View@@
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2258189182-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Object_Thread$BufferCertErrorFreeLastOpenRestoreSaveStoreU_object@@View@@Y__@@@
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2272792605-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseTuple$ClearErr_
                                                                                                                                                                                                                                          • String ID: AddAccesAllowedAce$lO:AddAccessAllowedAce$llO:AddAccessAllowedAce
                                                                                                                                                                                                                                          • API String ID: 2492218514-648165593
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseTuple$ClearErr_
                                                                                                                                                                                                                                          • String ID: AddAccesDeniedAce$lO:AddAccessDeniedAce$llO:AddAccessDeniedAce
                                                                                                                                                                                                                                          • API String ID: 2492218514-45297876
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$CertCertificateContextErr_FreeRestoreSaveString
                                                                                                                                                                                                                                          • String ID: CertFreeCertificateContext$The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 2800691829-2758218661
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Bytes_ClearFormatLong_OccurredStringVoid
                                                                                                                                                                                                                                          • String ID: %d is an invalid value for object identifier
                                                                                                                                                                                                                                          • API String ID: 547943475-3594730584
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyArg_ParseTuple.PYTHON312 ref: 00007FFBAA1E3BEB
                                                                                                                                                                                                                                          • GetAce.ADVAPI32 ref: 00007FFBAA1E3C06
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC0AB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC11A
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC200
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC218
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC22D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC23C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_BuildDeallocDecodeErr_ErrorFormatFreeLastLocalMessageObjectParseSizeTupleUnicode_Value_
                                                                                                                                                                                                                                          • String ID: Ace type %d is not supported yet$GetAce$l:GetAce
                                                                                                                                                                                                                                          • API String ID: 2913267005-2172617993
                                                                                                                                                                                                                                          • Opcode ID: aef762dc7b89ada9127937277a53d1b5627c9c6045696fdecc209502e163c83b
                                                                                                                                                                                                                                          • Instruction ID: c16577fedf34b8002c0eb88ab42631b8259e27c6806de6b40296187490bf6fbe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aef762dc7b89ada9127937277a53d1b5627c9c6045696fdecc209502e163c83b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 860152A5B09682E2EB538B35E8501B82365BF85B84F484173CE4D47265EE2CE95AC610
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ControlDescriptorErr_ParseSecurityStringTuple
                                                                                                                                                                                                                                          • String ID: SetSecurityDescriptorControl$SetSecurityDescriptorControl does not exist on this platform$ll:SetSecurityDescriptorControl
                                                                                                                                                                                                                                          • API String ID: 1690190277-853495732
                                                                                                                                                                                                                                          • Opcode ID: c5fb905781387fc59d0c6ec67cab9ed427ef9051838924ecfa23633f0d9bec63
                                                                                                                                                                                                                                          • Instruction ID: 864cbda042da48ed5ca897effe0439f8ffd40ac5dd6e4f0e0aad4ddfcfdbacf4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5fb905781387fc59d0c6ec67cab9ed427ef9051838924ecfa23633f0d9bec63
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F013C91A1AA82E2EA978F36EC402792364FF85B44F440072CD5D46264EE2CD99A8720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertKeywordsParseRestoreSaveTuple
                                                                                                                                                                                                                                          • String ID: I:CertAlgIdToOID
                                                                                                                                                                                                                                          • API String ID: 3433423547-3396670919
                                                                                                                                                                                                                                          • Opcode ID: 1095c2d51b48dba2b82c27a878169a917837b47485c0a3d01a219f5c71b8761f
                                                                                                                                                                                                                                          • Instruction ID: 9375530aaabd54b78c23d63c1112cb40cb380d8716db3eb32f699df289b3d5a8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1095c2d51b48dba2b82c27a878169a917837b47485c0a3d01a219f5c71b8761f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B201EDB5A09B86C2DB11AF61F9544696365FB88BD4F8400B1DE4E43B28DF3CE02AD710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d, xrefs: 00007FFBAA1E4926
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memcpy$Err_FormatReferencemalloc
                                                                                                                                                                                                                                          • String ID: PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d
                                                                                                                                                                                                                                          • API String ID: 3577276951-318570358
                                                                                                                                                                                                                                          • Opcode ID: e31a7c680d46d894b1b5cc69c1db71648538bd7e605b349bb94b818df4ba36f7
                                                                                                                                                                                                                                          • Instruction ID: e69b44d57d3eafeaefcefc69263b6d4587384047a1e0d1cfe90f05b8e3f5c36f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e31a7c680d46d894b1b5cc69c1db71648538bd7e605b349bb94b818df4ba36f7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A0140A1A06A86E2DA568F26E94017C3368FB49F847444076DE4D03755EF3DE8A9C720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$CertDeleteErr_FromRestoreSaveStoreString
                                                                                                                                                                                                                                          • String ID: CertDeleteCertificateFromStore$The certificate context has been closed
                                                                                                                                                                                                                                          • API String ID: 1525181047-1342110332
                                                                                                                                                                                                                                          • Opcode ID: 7b40cb4e4b256020a3562da3478bab6e3b79d37c173bc5c4e9eb3ff782c05f87
                                                                                                                                                                                                                                          • Instruction ID: feb966ad364444fa4f0cd05b0e6ed375026a2e3c68e6bbfaa037d6f080bd04ec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b40cb4e4b256020a3562da3478bab6e3b79d37c173bc5c4e9eb3ff782c05f87
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 710125B1B1AB02C1EB56AB76E8904752369FF54BD4B041071CD0D47328DE2CD06AD324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$BuildClearDeallocStringValue
                                                                                                                                                                                                                                          • String ID: (i)$invalid timestamp
                                                                                                                                                                                                                                          • API String ID: 3614533335-2037815563
                                                                                                                                                                                                                                          • Opcode ID: a4125f9ac3bd078db836ea3183772ef5e2680fe1127ed21b291754ada7f20038
                                                                                                                                                                                                                                          • Instruction ID: bad19024910059a7c765dfd86057efe5942fc3866f968fd8ce6fd14070fc419e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4125f9ac3bd078db836ea3183772ef5e2680fe1127ed21b291754ada7f20038
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC0148A5E1AB46D1FE578B35ED5403823A8AF95B91F441072CD0E06754EE3CEC9A8310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildValue_$Bytes_DeallocFromString
                                                                                                                                                                                                                                          • String ID: ObjId$Value${s:s,s:N}
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$Arg_BuildErr_ParseStringTextTuple_UnicodeValue_
                                                                                                                                                                                                                                          • String ID: s#i$string size beyond INT_MAX
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AuthorityBuildErr_IdentifierSizeStringValidValue_
                                                                                                                                                                                                                                          • String ID: (BBBBBB)$GetSidIdentifierAuthority: Invalid SID in object
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$Arg_CertFromKeywordsLongLong_ParseRestoreSaveTupleUnsigned
                                                                                                                                                                                                                                          • String ID: s:CertOIDToAlgId
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BuildReferenceValuefreemalloc
                                                                                                                                                                                                                                          • String ID: CryptProv$KeySpec${s:N, s:k}
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CallsMakePending$ClearErr___acrt_iob_func__stdio_common_vfprintffprintf
                                                                                                                                                                                                                                          • String ID: Unhandled exception detected before entering Python.
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: List_$AppendDealloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1573934073-0
                                                                                                                                                                                                                                          • Opcode ID: f8b13b4d65d2c7b560fe5343b90ac936291079483877ea91accc04f82460e21b
                                                                                                                                                                                                                                          • Instruction ID: 531d5e873ab90f477dd0bf0e7b9f65608ad5c2c0ecae7343ccc84e62fc31164c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8b13b4d65d2c7b560fe5343b90ac936291079483877ea91accc04f82460e21b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 273132A5A0FA45D5FEA74B25E9801396374AF46BB0F188271DE6D077E4EF2CE8468310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: List_$AppendBytes_DeallocFromSizeString
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3583985797-0
                                                                                                                                                                                                                                          • Opcode ID: b6289df08c14415418b15139dd86ea7f23e8c96486d306a0b356c10dd46804b6
                                                                                                                                                                                                                                          • Instruction ID: 7ad8c07c7b3eb7b3431281a62a47cda4f6917c780a69ae799b7c6dea892280f4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6289df08c14415418b15139dd86ea7f23e8c96486d306a0b356c10dd46804b6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9213261A0FA85D5EEA74F35E8942386394AF46BB4F085271DE6E067D0EE2CE8568310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _Py_NewReference.PYTHON312(?,?,?,00007FFBAA1E6D86), ref: 00007FFBAA1E6E6D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EE3C8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFBAA1EE3E2
                                                                                                                                                                                                                                          • _Py_NewReference.PYTHON312(?,?,?,00007FFBAA1E6D86), ref: 00007FFBAA1E6E9A
                                                                                                                                                                                                                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBAA1E6D86), ref: 00007FFBAA1E6EA5
                                                                                                                                                                                                                                          • InitializeSecurityDescriptor.ADVAPI32(?,?,?,00007FFBAA1E6D86), ref: 00007FFBAA1E6EBE
                                                                                                                                                                                                                                          • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBAA1E6D86), ref: 00007FFBAA1E6ED6
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,00007FFBAA1E6D86), ref: 00007FFBAA1E6EF6
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E7B40: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E7B5B
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E7B40: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1E7B64
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorReferenceSecurityfreemalloc$DeallocInitializeLength
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2040291429-0
                                                                                                                                                                                                                                          • Opcode ID: 144ac3daedd37543ad79c42905b113054fa9168fe074a7adbcc65c11bb02cba7
                                                                                                                                                                                                                                          • Instruction ID: 7a8568e4b2448d76ffbf38f3fae6ed46b09217c46a203fbcb6a5010f985df798
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 144ac3daedd37543ad79c42905b113054fa9168fe074a7adbcc65c11bb02cba7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92214971A0AB45D2EB868F21E94423C73B8FB4AB84F404075DE4D077A5EF7CE96A8350
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocState_$AppendEnsureFromList_Object_ReleaseU_object@@
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3628222327-0
                                                                                                                                                                                                                                          • Opcode ID: 7a0718d237f742212005814ea54b60e2ecc3fd4ee28faf6190ed97f0438efaf4
                                                                                                                                                                                                                                          • Instruction ID: 08cca5f099a90dc05426c9ad22ceef59a1e55402a25353a9c261c4c2f273c27a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a0718d237f742212005814ea54b60e2ecc3fd4ee28faf6190ed97f0438efaf4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D118272A09B02C2DB11AF32F810129B7A8EF84B90F180171DE5E47358DF3CD4669710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocValue$DeleteFreeLocalState_Thread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1066789969-0
                                                                                                                                                                                                                                          • Opcode ID: 184bcfdcaf00f2f60805a083e4a3c7233bfc85e00bd7b69ac5073c6e02f5c8ec
                                                                                                                                                                                                                                          • Instruction ID: 07f4711cc87fb582be8b65cd8162dfef7290f7c4935b6e424279dfbdbfe72c3a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 184bcfdcaf00f2f60805a083e4a3c7233bfc85e00bd7b69ac5073c6e02f5c8ec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E01DEB4E0FB42E1FA979F35EC5417833A9BF89B54F1544B6CC4E122509E3CAC5A9230
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Unicode_
                                                                                                                                                                                                                                          • String ID: Internal$InternalHigh$hEvent
                                                                                                                                                                                                                                          • API String ID: 2646675794-1769053571
                                                                                                                                                                                                                                          • Opcode ID: f1d39640334fae646abf404db770a728ad25418bece115b56819633ea03a6ba7
                                                                                                                                                                                                                                          • Instruction ID: 39255d88159475badb56897fa6cd70040fa92fb77ddc3d875223da058d182e03
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1d39640334fae646abf404db770a728ad25418bece115b56819633ea03a6ba7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2921D572B1AA81D1EB978B22E54003D6364FB89BC4F485072EF9E47759EE2CD892C710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_DescriptorInitializeParseSecurityTuple
                                                                                                                                                                                                                                          • String ID: :Initialize$InitializeSecurityDescriptor
                                                                                                                                                                                                                                          • API String ID: 3008588735-475701968
                                                                                                                                                                                                                                          • Opcode ID: a607c9aa78ca3169caf3f180d21fd4df5d9479bcf2dc38f2f5468736b10cb754
                                                                                                                                                                                                                                          • Instruction ID: d30cbf6345665ec30694f019179f3ec3ca5ef064c9bd0c6e1fce216e8a620c69
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a607c9aa78ca3169caf3f180d21fd4df5d9479bcf2dc38f2f5468736b10cb754
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A61162A1B09A82D1EB578B32E94017A63A9FB89BC0F485071DE5E47758EF2CD8478710
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                          • String ID: The object is not a PyHANDLE object$|O:HANDLERegistry
                                                                                                                                                                                                                                          • API String ID: 709158290-3143913545
                                                                                                                                                                                                                                          • Opcode ID: d50cbd8e4d7ce53099b5c43a06c2957648a9a4a107dfa02c32a3319bf10f1a76
                                                                                                                                                                                                                                          • Instruction ID: fa644b9e1ba9bbc9cf1ab055181c8911a9f6ca59815cf8027cdfd84ce821bdf3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d50cbd8e4d7ce53099b5c43a06c2957648a9a4a107dfa02c32a3319bf10f1a76
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D218D71A0AB92E1EA538B22F84007D7379FB86794F541072DE4D43664EF3CE86AC350
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                          • String ID: The object is not a PyHANDLE object$|O:HANDLE
                                                                                                                                                                                                                                          • API String ID: 709158290-2911939918
                                                                                                                                                                                                                                          • Opcode ID: 32da26a186c7aa4914931394e7c6df3db8a8ee8773740c1db7cd4f19ad8b0cef
                                                                                                                                                                                                                                          • Instruction ID: 680f1751de6e68eea626fc13e4ae69d69b2d9e008cd12a098f86859ed4aafdb9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32da26a186c7aa4914931394e7c6df3db8a8ee8773740c1db7cd4f19ad8b0cef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9218E61A0AB82E5EA538B25F84007D7378FB86B80F540072EF4D47664EF3DE85AC350
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CharDeallocFromObject_PrintUnicode_Widewsprintf
                                                                                                                                                                                                                                          • String ID: <%hs at %Id (%Id)>
                                                                                                                                                                                                                                          • API String ID: 2754229576-3200932714
                                                                                                                                                                                                                                          • Opcode ID: e2c73810facc8508b6838acf4e95acea6fe770c862bcc3c3d108e358108a0f53
                                                                                                                                                                                                                                          • Instruction ID: cbcf60fe95fa21901e0f14c2b3e388f089e6140de9efef22e4a9701f90cd222d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2c73810facc8508b6838acf4e95acea6fe770c862bcc3c3d108e358108a0f53
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 011196B2B16B85E5EB538B25E8047AD63A4AF89FA4F404175DD1D037A4EE3CD44A8310
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$Arg_DateFileParseSizeTuple_
                                                                                                                                                                                                                                          • String ID: DosDateTimeToFileTime$FileTimeToSystemTime
                                                                                                                                                                                                                                          • API String ID: 2214670548-3006328108
                                                                                                                                                                                                                                          • Opcode ID: 87dbc75f81b642d7e03782057ba3e3b8bd81e33503cd8eb33867510604a29585
                                                                                                                                                                                                                                          • Instruction ID: a10f9dcf02b3166ad68ab8bc81bd048aab778036fe9a4547e74aa8f4aca691e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87dbc75f81b642d7e03782057ba3e3b8bd81e33503cd8eb33867510604a29585
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7115496E09882E1FA63AB31E8111BA33A9FFC6748F8440B2ED4D42555EE2CD9078B50
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_Formatmemcpyrealloc
                                                                                                                                                                                                                                          • String ID: SetACL: Unable to reallocate ACL to size %d
                                                                                                                                                                                                                                          • API String ID: 2667793433-1849531889
                                                                                                                                                                                                                                          • Opcode ID: b9ae1438e4236204653b7ae9cedeb3c3a4368ced16903ebafc281e17da4f6f3c
                                                                                                                                                                                                                                          • Instruction ID: 41390280fbf99ff2ca06572e427af0987cf653381c003c13f9ea0d1ff1729459
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9ae1438e4236204653b7ae9cedeb3c3a4368ced16903ebafc281e17da4f6f3c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C81181A1B0AB91D2E62A9F22E84013973B4FB89FC0B088475EE8D47B55DF3CD4928750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String
                                                                                                                                                                                                                                          • String ID: Object must be a PyDEVMODEW$PyDEVMODE cannot be None in this context
                                                                                                                                                                                                                                          • API String ID: 1450464846-2899910425
                                                                                                                                                                                                                                          • Opcode ID: 0fb4a806d0ccb91fd8fc5085e5c0bcb0dcf69eaf29f9219200685665ecb88d4e
                                                                                                                                                                                                                                          • Instruction ID: a0f28a8f02c524ec7d54384ff41abeea7104ff2b84310a8af0039d1e46debceb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0fb4a806d0ccb91fd8fc5085e5c0bcb0dcf69eaf29f9219200685665ecb88d4e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 501186A2B16A42D1EF978F29F88027C2364FB89B84F544072DE0D87764EE3DD896C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Err_FormatObject_ParseSizeTuple_U_object@@
                                                                                                                                                                                                                                          • String ID: CRYPTPROTECT_PROMPTSTRUCT must be None or a tuple (got %s)$k|O&O
                                                                                                                                                                                                                                          • API String ID: 2773165684-1039745384
                                                                                                                                                                                                                                          • Opcode ID: 3a6ba6e03204bea4c1c9707196f68587f9e82b847cc809a1b94f4268057fc308
                                                                                                                                                                                                                                          • Instruction ID: 4d2e0d2bd483f5bf786445272b30386afed48d6e9bba13c4f7641901833b492a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a6ba6e03204bea4c1c9707196f68587f9e82b847cc809a1b94f4268057fc308
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81115EF2A15B46C2EB01AF20E4506A973A4FB84B89F548172CE4C07628DF3CD5BED710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyLong_AsVoidPtr.PYTHON312 ref: 00007FFBAA1ECD95
                                                                                                                                                                                                                                          • PyErr_Occurred.PYTHON312 ref: 00007FFBAA1ECDA3
                                                                                                                                                                                                                                          • PyErr_Clear.PYTHON312 ref: 00007FFBAA1ECDAE
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB65
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB73
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB81
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB90
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB9B
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBA4
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBB3
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBC7
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBE6
                                                                                                                                                                                                                                          • PyErr_Format.PYTHON312 ref: 00007FFBAA1ECDDC
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Long$Occurred$Long_$ClearFormat$DeallocNumber_UnsignedVoid
                                                                                                                                                                                                                                          • String ID: WPARAM is simple, so must be an int object (got %s)
                                                                                                                                                                                                                                          • API String ID: 4021378859-3057595559
                                                                                                                                                                                                                                          • Opcode ID: 3e07ab2fde876340903de18c603ba2189048f057fcc304b848261276f66459d7
                                                                                                                                                                                                                                          • Instruction ID: 0df2ecdbcdca9483063e99354f19885e21bbb6082d801a143888cc31859f0c14
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e07ab2fde876340903de18c603ba2189048f057fcc304b848261276f66459d7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0014061A1ABC2D1EA938B26F8400696764FF49BD4F085072EE4D57754EE2CD8968350
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Authority$Arg_CountErr_ParseSizeStringTuple_
                                                                                                                                                                                                                                          • String ID: The index is out of range
                                                                                                                                                                                                                                          • API String ID: 2377407092-505141048
                                                                                                                                                                                                                                          • Opcode ID: ab659c3e0758885cbb4e411234c526d0d92208241b1e3b98633725ba134c73f6
                                                                                                                                                                                                                                          • Instruction ID: c208057800f3326bfdcd71ceb04f481a3e65553a6a40ceb08c9713d63fed6975
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab659c3e0758885cbb4e411234c526d0d92208241b1e3b98633725ba134c73f6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6013CA5A1A682E2EB578F31E8440797364FBC5B51F400072DD5E46364EE3CDC4AC710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Long$FromLong_$BuildSizeValue_
                                                                                                                                                                                                                                          • String ID: NiNNi(ii)
                                                                                                                                                                                                                                          • API String ID: 4007579727-1588869203
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                          • String ID: ObjId$Value${s:s,s:N}
                                                                                                                                                                                                                                          • API String ID: 1860207225-3161452806
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                          • String ID: Data$UnusedBits${s:N,s:k}
                                                                                                                                                                                                                                          • API String ID: 1860207225-201570788
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,00007FFBAA212839), ref: 00007FFBAA216E20
                                                                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FFBAA212839), ref: 00007FFBAA216E43
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                          • String ID: ObjId$Parameters${s:s, s:N}
                                                                                                                                                                                                                                          • API String ID: 1860207225-2686500079
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                          • String ID: ObjId$Value${s:s,s:N}
                                                                                                                                                                                                                                          • API String ID: 1860207225-3161452806
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyBytes_FromStringAndSize.PYTHON312(?,?,?,?,?,00007FFBAA212839), ref: 00007FFBAA216E20
                                                                                                                                                                                                                                          • _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00007FFBAA212839), ref: 00007FFBAA216E43
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Size$BuildBytes_FromStringValue_
                                                                                                                                                                                                                                          • String ID: ObjId$Parameters${s:s, s:N}
                                                                                                                                                                                                                                          • API String ID: 1860207225-2686500079
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurity$ControlLengthfreemallocmemcpy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3383347431-0
                                                                                                                                                                                                                                          • Opcode ID: 2bbe38348c2f00229164cbdda6c70da1ec05e543728ec76a17c1fda9eb1c925f
                                                                                                                                                                                                                                          • Instruction ID: c88755d7bba52e391f2bae39507ac0323491978bc344894cc881bd0d01ed733b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2bbe38348c2f00229164cbdda6c70da1ec05e543728ec76a17c1fda9eb1c925f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0611E462B09A4196FB568B79F5001B952A8EB49BD4F040035EF0D43694EF2CC8968710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _Py_NewReference.PYTHON312(?,?,?,00007FFBAA1E6FA7,?,?,?,00007FFBAA1E6DB3), ref: 00007FFBAA1E8A0D
                                                                                                                                                                                                                                          • GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FFBAA1E6FA7,?,?,?,00007FFBAA1E6DB3), ref: 00007FFBAA1E8A1E
                                                                                                                                                                                                                                          • GetSecurityDescriptorControl.ADVAPI32(?,?,?,00007FFBAA1E6FA7,?,?,?,00007FFBAA1E6DB3), ref: 00007FFBAA1E8A4F
                                                                                                                                                                                                                                          • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFBAA1E6FA7,?,?,?,00007FFBAA1E6DB3), ref: 00007FFBAA1E8A68
                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?,00007FFBAA1E6FA7,?,?,?,00007FFBAA1E6DB3), ref: 00007FFBAA1E8A7B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DescriptorSecurity$ControlLengthReferencemallocmemcpy
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3412238872-0
                                                                                                                                                                                                                                          • Opcode ID: af7347515c41f927a2f41c8b097ef964e323764c9e35b540a02784828c4adbf5
                                                                                                                                                                                                                                          • Instruction ID: fe4c4904a7c7fd1c1a4b3bded0ad2de20d9b4e3dfa8290449a8c4449bc50d059
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: af7347515c41f927a2f41c8b097ef964e323764c9e35b540a02784828c4adbf5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C11A266705B4196EA568B6AE5003796268EB85BD4F080031CF4C03794EF7CD9AA8310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocSizeState_$AppendBuildBytes_EnsureFromList_ReleaseStringValue_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2009074532-0
                                                                                                                                                                                                                                          • Opcode ID: 09c412c75f786431a46af4d753e698d7893c93d0833fd3895a72c43ee296303e
                                                                                                                                                                                                                                          • Instruction ID: 32dca1ff6db36635671761285141431a521b142ecfcb05f0a4a3780ead09e1c5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09c412c75f786431a46af4d753e698d7893c93d0833fd3895a72c43ee296303e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA011E70A0A702C1EE566B72E4605396664AF4CB90F1444B5DD5E87398DE2CD4B69310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: State_$AppendDeallocEnsureFromList_Object_ReleaseU_object@@
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1307292411-0
                                                                                                                                                                                                                                          • Opcode ID: 2da81ce98251997789bd95e6982422e9a0af280cbac30fa44f8514417ecc8a66
                                                                                                                                                                                                                                          • Instruction ID: bd55807ae232e5a5549cecd4b556fb070c5d5f7ab8633534ffb2232c0ae4337c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2da81ce98251997789bd95e6982422e9a0af280cbac30fa44f8514417ecc8a66
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08016775A0A711C2E7116B35E814029B6A9AF84B90F1801B5DF5E47768DF3CD4669710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Tuple_
                                                                                                                                                                                                                                          • String ID: CERT_ALT_NAME_ENTRY %d is not yet supported
                                                                                                                                                                                                                                          • API String ID: 3728983458-143101820
                                                                                                                                                                                                                                          • Opcode ID: 8b8a282126e4b4783f6b230fc72f71cb4dd8030e10860e6f5e33ceedb6805a1f
                                                                                                                                                                                                                                          • Instruction ID: a9893d06a3418ec4b5a9fac7a0c1f86c3a5e932751bd795b5f5871ece74930aa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b8a282126e4b4783f6b230fc72f71cb4dd8030e10860e6f5e33ceedb6805a1f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE317C32A09746C6DB05EF20E88046CB7A9F784B94B944036DF4D47B68DF7CE556DB20
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Err_ParseStringTuple
                                                                                                                                                                                                                                          • String ID: iiiiiiiii|i$year out of range
                                                                                                                                                                                                                                          • API String ID: 385655187-1001734015
                                                                                                                                                                                                                                          • Opcode ID: bdb6a63c852c7cf84773621299bc6dcc79d39ca74b6c218579789cb9ceecb365
                                                                                                                                                                                                                                          • Instruction ID: a2858c2d845b22d2a4faa189dc17c04eec2fa483f7a1bf93513d9307e98ae101
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bdb6a63c852c7cf84773621299bc6dcc79d39ca74b6c218579789cb9ceecb365
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B31A1B2B04B41D6D31ACF24D4445AC73A9F749B80B558176CB5D83700EF3AD996C750
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Timefloor$SystemVariant
• String ID: VariantTimeToSystemTime
• API String ID: 1266533630-2676162551
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_ParseSizeTuple_
• String ID: OiOOi(ii):MSG param$The object is not a PyHANDLE object
• API String ID: 2270327996-2297966167
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_InitializeParseSizeTuple_
• String ID: (bbbbbb)b:Initialize$InitializeSid
• API String ID: 3719922413-750340051
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Arg_DeleteParseTuple
• String ID: DeleteAce$l:DeleteAce
• API String ID: 1230908747-3702189175
APIs
Strings
• DEVMODE structure of size %d greater than supported size of %d, xrefs: 00007FFBAA1E4D8C
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Err_Format
• String ID: DEVMODE structure of size %d greater than supported size of %d
• API String ID: 376477240-1470040908
Strings
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID:
• String ID: CloseHandle$The object is not a PyHANDLE object
• API String ID: 0-4264222050
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_DescriptorOwnerParseSecurityTuple
                                                                                                                                                                                                                                          • String ID: :GetSecurityDescriptorOwner$GetSecurityDescriptorOwner
                                                                                                                                                                                                                                          • API String ID: 2338322640-1512101531
                                                                                                                                                                                                                                          • Opcode ID: 771e96b15b263e6d8951f84d50e1b1bf4d9c27dfebe04fc272ccadb699901be2
                                                                                                                                                                                                                                          • Instruction ID: 19d73342bff5014abb39a8b2193938c7c16de61c2339ad799a87974fa8b74226
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 771e96b15b263e6d8951f84d50e1b1bf4d9c27dfebe04fc272ccadb699901be2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 870184E5E0AA46E1EB578B32EC402792364FFC6744F445072DE0D47394EE2CE99A8720
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_CreateGuidParseReferenceSizeTuple_
                                                                                                                                                                                                                                          • String ID: :CreateGuid
                                                                                                                                                                                                                                          • API String ID: 2232489080-3559396464
                                                                                                                                                                                                                                          • Opcode ID: 09cfe9be1413eff01afa2bb2f16402033869353b27c53ba5146419ec9c390cd0
                                                                                                                                                                                                                                          • Instruction ID: 52c558d0a5ff27c25275497ca2019585f89510aff035239f6d952d5df5f10184
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09cfe9be1413eff01afa2bb2f16402033869353b27c53ba5146419ec9c390cd0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F901D6A5F09B81D1EA539B30F81107D33A4FB8A790F841176DE4E02365EF3CE5868B10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Err_Keywords_ParseSizeStringTuple
                                                                                                                                                                                                                                          • String ID: Object used to construct a CRYPT_ALGORITHM_IDENTIFIER must be a dict$sz#:CRYPT_ALGORITHM_IDENTIFIER
                                                                                                                                                                                                                                          • API String ID: 2818518640-2559664096
                                                                                                                                                                                                                                          • Opcode ID: 107cdd3578aa7c27db04c7ffac28f6a0350c8f9216670a13a473e985a9627509
                                                                                                                                                                                                                                          • Instruction ID: 14c53b926d7b0104ed8114b337cb7380042cd4d4e0f58814647a5d1f21e09f50
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 107cdd3578aa7c27db04c7ffac28f6a0350c8f9216670a13a473e985a9627509
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE016DF2A19B42C2EB019F20E8505AA73A8FB88790F448272DE4D47318DF7CD5EAD710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FromString$CharErr_Unicode_Wide
                                                                                                                                                                                                                                          • String ID: The string is too long
                                                                                                                                                                                                                                          • API String ID: 1358704699-1150129668
                                                                                                                                                                                                                                          • Opcode ID: d16902b345cacd23d2082d23a250b7d8911b8a85442355fbbb1c59808b897c3b
                                                                                                                                                                                                                                          • Instruction ID: b52e6a6a49383c77bcced076fc963e358c29cb74925fdb6733d909721a0de59a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d16902b345cacd23d2082d23a250b7d8911b8a85442355fbbb1c59808b897c3b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 610192A5B15A81E1FAA39B20E8413BD2364FBCD764F800272CD5D462E4DF2CD50A8B10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyEval_SaveThread.PYTHON312 ref: 00007FFBAA1E52CA
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 00007FFBAA1E52D7
                                                                                                                                                                                                                                          • PyEval_RestoreThread.PYTHON312 ref: 00007FFBAA1E52E2
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC0AB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC11A
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC200
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC218
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC22D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC23C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Eval_Thread$BuildCloseDeallocDecodeErr_ErrorFormatFreeHandleLastLocalMessageObjectRestoreSaveSizeUnicode_Value_
                                                                                                                                                                                                                                          • String ID: CloseHandle
                                                                                                                                                                                                                                          • API String ID: 2420468086-2962429428
                                                                                                                                                                                                                                          • Opcode ID: a234cd2355cefa9f88078073659698f9681e44205f00e32605d73f6149afe859
                                                                                                                                                                                                                                          • Instruction ID: 18a6400c6951b5b11d50f4b96264b7652c211302940c6d9c8fdb513c635b68e8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a234cd2355cefa9f88078073659698f9681e44205f00e32605d73f6149afe859
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DF0A465A19640C2EB539731F8443B962A5EB85754F180071DE4E43750DE7CD8878310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_InitializeParseTuple
                                                                                                                                                                                                                                          • String ID: :Initialize$InitializeAcl
                                                                                                                                                                                                                                          • API String ID: 1991639834-2627007299
                                                                                                                                                                                                                                          • Opcode ID: 63bff58f03a89d83c8465e0b9a4330355ea6ebece3a6d91fa291ed6468edabb7
                                                                                                                                                                                                                                          • Instruction ID: 30fb79f64c5fe4f5f4f5f07bc2aa3a9a36eefa444a44527a5386be8f57b2c391
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63bff58f03a89d83c8465e0b9a4330355ea6ebece3a6d91fa291ed6468edabb7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59F09691B0A546D1FB678B36DC4007923A8EF99F94F085072CE0D46360FE2CD89B9320
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Err_Keywords_ParseSizeStringTuple
                                                                                                                                                                                                                                          • String ID: O&O&:CERT_PUBLIC_KEY_INFO$Object used to construct a CERT_PUBLIC_KEY_INFO must be a dict
                                                                                                                                                                                                                                          • API String ID: 2818518640-462478997
                                                                                                                                                                                                                                          • Opcode ID: 1809209a6058c0eebb6c0bf00a3d41bb38e366adb9d598705f6ad5fbad0262c7
                                                                                                                                                                                                                                          • Instruction ID: 6faab3318ddaa51de7b06574cce81b23ce704ea9e1345575573d13f4dcde58f4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1809209a6058c0eebb6c0bf00a3d41bb38e366adb9d598705f6ad5fbad0262c7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D01EDB1E19B42C5E6119F20E8506A97368FB94754F905276DA4D02624DF3CD1FAD710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CertContextErr_FreeString
                                                                                                                                                                                                                                          • String ID: CertFreeCTLContext$The certificate trust context has been closed
                                                                                                                                                                                                                                          • API String ID: 1426095556-2522795890
                                                                                                                                                                                                                                          • Opcode ID: c5e869dbc77e6106798d9c40142a37f71d8773675d2fb9768a7373d2e4e8d925
                                                                                                                                                                                                                                          • Instruction ID: 8d94dcc9a80b9a092f1089c19b69138edd5d4710990ecee7f7ee58d77804ce86
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c5e869dbc77e6106798d9c40142a37f71d8773675d2fb9768a7373d2e4e8d925
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8F0F4B1B06B06C1EB169B75E8617752365FB88B85F4440B2CD0D47268DE2DD1BBD324
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 2542180945-1018135373
                                                                                                                                                                                                                                          • Opcode ID: a3f181e4645522ee0c5c135495326946e4810cbaa9c199b01633478fd2f3168f
                                                                                                                                                                                                                                          • Instruction ID: e73a83d99b91f4d0638a17ecdc9b93bb3ff715829c1eedb01dc4bbb9120402cd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3f181e4645522ee0c5c135495326946e4810cbaa9c199b01633478fd2f3168f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9F0E277606B84CAC7269F35E8904BC3368F749B88B5A9160FE4D47B55CF38D8918390
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 2542180945-1018135373
                                                                                                                                                                                                                                          • Opcode ID: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
                                                                                                                                                                                                                                          • Instruction ID: 4142cfd414380f07aa7d1fe76edf26d3e678e12e9f0dcc906787eb24c3f60f0b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b4c1db84a87a6fdb22006f661c73e75c067a881438bcbb587b3e6fc569e0f3a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3AF06D72A05686E1EB675F35E18447D33A8FB49B44B688070DF5807646DA38E8A2C790
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: From$CharStringUnicode_Widewsprintf
                                                                                                                                                                                                                                          • String ID: IID('%ws')
                                                                                                                                                                                                                                          • API String ID: 3341265217-2301737843
                                                                                                                                                                                                                                          • Opcode ID: 50bfa6779426d2aff07c13c9fa1ccc7473edcd72459b3b2acf0a8f76b6dac1ef
                                                                                                                                                                                                                                          • Instruction ID: 0dd8f8bee60ef986226b868eaff4486ab02e99d23bbbb78ec3ce3d561df569e3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50bfa6779426d2aff07c13c9fa1ccc7473edcd72459b3b2acf0a8f76b6dac1ef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30F086A5A199C6E1EB729B20E4443AD6374FB89764F800372C9AD076E4DF2CD54ACB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • llll;RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FFBAA1ED02E
                                                                                                                                                                                                                                          • RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FFBAA1ECFFE
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_Err_ParseSizeStringTuple_
                                                                                                                                                                                                                                          • String ID: RECT must be a tuple of 4 ints (left, top, right, bottom)$llll;RECT must be a tuple of 4 ints (left, top, right, bottom)
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CertDeleteErr_FromStoreString
                                                                                                                                                                                                                                          • String ID: CertDeleteCTLFromStore$The certificate trust context has been closed
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722172755.00007FFBAA211000.00000020.00000001.01000000.0000001D.sdmp, Offset: 00007FFBAA210000, based on PE: true
• Associated: 00000002.00000002.2722154829.00007FFBAA210000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722196142.00007FFBAA221000.00000002.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722215046.00007FFBAA22B000.00000004.00000001.01000000.0000001D.sdmp
• Associated: 00000002.00000002.2722273566.00007FFBAA22E000.00000002.00000001.01000000.0000001D.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa210000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: BuildSizeValue_
                                                                                                                                                                                                                                          • String ID: Value$ValueType${s:k,s:u#}
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_FreeMem_Memoryfreemalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000002.00000002.2720206000.00007FFBA93D1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFBA93D0000, based on PE: true
• Associated: 00000002.00000002.2720189189.00007FFBA93D0000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.2720550755.00007FFBA98A3000.00000002.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.2720664872.00007FFBA99E3000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.2720685219.00007FFBA99E7000.00000008.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.2720703708.00007FFBA99F2000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.2720721234.00007FFBA99F4000.00000004.00000001.01000000.00000020.sdmp
• Associated: 00000002.00000002.2720737984.00007FFBA99F5000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffba93d0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2721214197.00007FFBAA121000.00000020.00000001.01000000.0000002E.sdmp, Offset: 00007FFBAA120000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721195452.00007FFBAA120000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721230705.00007FFBAA123000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721246765.00007FFBAA125000.00000002.00000001.01000000.0000002E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa120000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2721145672.00007FFBAA111000.00000020.00000001.01000000.0000002F.sdmp, Offset: 00007FFBAA110000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721130032.00007FFBAA110000.00000002.00000001.01000000.0000002F.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721162728.00007FFBAA113000.00000002.00000001.01000000.0000002F.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721178652.00007FFBAA115000.00000002.00000001.01000000.0000002F.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa110000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2721782896.00007FFBAA191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFBAA190000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721766538.00007FFBAA190000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721801582.00007FFBAA192000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721820820.00007FFBAA194000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa190000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2721348074.00007FFBAA141000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFBAA140000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721331278.00007FFBAA140000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721365877.00007FFBAA143000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721384327.00007FFBAA144000.00000004.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721401219.00007FFBAA145000.00000002.00000001.01000000.0000002C.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa140000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2933794660-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CopyLengthReferencemalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3624451276-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3353409452-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Referencemallocmemcpymemset
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1282408338-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: InitializeReferencemallocmemset
• String ID:
• API String ID: 306314696-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: DescriptorSecurityfree$InitializeLengthReferencemalloc
• String ID:
• API String ID: 2992339461-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: CopyLengthReferencemalloc
• String ID:
• API String ID: 3624451276-0
APIs
Memory Dump Source
• Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
• Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
• Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
Similarity
• API ID: Value$DeleteFreeLocalState_Thread
• String ID:
• API String ID: 3706641815-0
APIs
• _wassert.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,?,?,00007FFBAA141E7F), ref: 00007FFBAA141F14
Strings
Memory Dump Source
• Source File: 00000002.00000002.2721348074.00007FFBAA141000.00000020.00000001.01000000.0000002C.sdmp, Offset: 00007FFBAA140000, based on PE: true
• Associated: 00000002.00000002.2721331278.00007FFBAA140000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.2721365877.00007FFBAA143000.00000002.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.2721384327.00007FFBAA144000.00000004.00000001.01000000.0000002C.sdmp
• Associated: 00000002.00000002.2721401219.00007FFBAA145000.00000002.00000001.01000000.0000002C.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffbaa140000_L5OMdZqWzq.jbxd
Similarity
• API ID: _wassert
• String ID: (void*)in != (void*)out$src/scrypt.c
• API String ID: 3234217646-1092544927
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E9840: PyImport_ImportModule.PYTHON312 ref: 00007FFBAA1E9861
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E9840: PyObject_GetAttrString.PYTHON312 ref: 00007FFBAA1E987D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E9840: _Py_Dealloc.PYTHON312 ref: 00007FFBAA1E988F
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E9840: PyTuple_New.PYTHON312 ref: 00007FFBAA1E989C
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E9840: PyObject_CallMethod.PYTHON312 ref: 00007FFBAA1E98BB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E9840: _Py_Dealloc.PYTHON312 ref: 00007FFBAA1E98D1
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E9840: _Py_Dealloc.PYTHON312 ref: 00007FFBAA1E98E7
                                                                                                                                                                                                                                          • PyObject_GetAttrString.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAA1E99ED), ref: 00007FFBAA1EA1B4
                                                                                                                                                                                                                                          • _Py_Dealloc.PYTHON312(?,?,?,?,?,?,?,?,?,00007FFBAA1E99ED), ref: 00007FFBAA1EA213
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Dealloc$Object_$AttrString$CallImportImport_MethodModuleTuple_
                                                                                                                                                                                                                                          • String ID: max
                                                                                                                                                                                                                                          • API String ID: 66079785-2641765001
                                                                                                                                                                                                                                          • Opcode ID: afa67af572f1350e402637108e0cfd3a2185254bb60b6e563785a36e96d5d9b9
                                                                                                                                                                                                                                          • Instruction ID: a9ee0a17c8e5d6c721cd6816776169f1f545d6146bb1dd7aea6c0d836f09c27f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afa67af572f1350e402637108e0cfd3a2185254bb60b6e563785a36e96d5d9b9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83117F72A09786E2EB964F21E54003DB3A9FB45B85F044071EE9E17B58EF3CE861C710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PyArg_ParseTuple.PYTHON312 ref: 00007FFBAA1E9982
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E6350: PyLong_AsLongLong.PYTHON312 ref: 00007FFBAA1E6375
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1E6350: PyErr_Occurred.PYTHON312 ref: 00007FFBAA1E6384
                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32 ref: 00007FFBAA1E99B9
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC0AB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC11A
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyUnicode_DecodeMBCS.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC1EB
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_BuildValue_SizeT.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC200
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC218
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: PyErr_SetObject.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC22D
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EC090: _Py_Dealloc.PYTHON312(?,?,?,?,?,00000000,00000000,00007FFBAA1E786D,?,?,00000000,00007FFBAA1E7BE2,?,?,?,00007FFBAA1E1911), ref: 00007FFBAA1EC23C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_LongTime$Arg_BuildDeallocDecodeErrorFileFormatFreeLastLocalLong_MessageObjectOccurredParseSizeSystemTupleUnicode_Value_
                                                                                                                                                                                                                                          • String ID: FileTimeToSystemTime
                                                                                                                                                                                                                                          • API String ID: 2951598573-1754531670
                                                                                                                                                                                                                                          • Opcode ID: 632d414ff01d91852ae786370b54ce0723fa11f4dcff63e83e1afd5d37ea7c8a
                                                                                                                                                                                                                                          • Instruction ID: 482e185882e2267adb74acc44c6343d82da6f89ae60084946684aeba89f1ae31
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 632d414ff01d91852ae786370b54ce0723fa11f4dcff63e83e1afd5d37ea7c8a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1011D6A1E19982E2EA63EB30E85107A73A5FFC6744F840072EE4D82555EE2CD9068B10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                          • String ID: AddAccessDeniedObjectAce$lllOOO:AddAccessDeniedObjectAce
                                                                                                                                                                                                                                          • API String ID: 3371842430-3179976129
                                                                                                                                                                                                                                          • Opcode ID: b316ed875ad92f5d67c8aa4309a6d514b86a89ca2ef25c80c39e036b3862fcec
                                                                                                                                                                                                                                          • Instruction ID: d28bbde8f6916e77758464b35163e357517e834b47f6be0f19b82a88f1b9d3cc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b316ed875ad92f5d67c8aa4309a6d514b86a89ca2ef25c80c39e036b3862fcec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD118CB6B09B85D2DB52CF61E4445AD73A4F788790F110136DEAC83B24EF38D999CB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                          • String ID: AddAccessAllowedObjectAce$lllOOO:AddAccessAllowedObjectAce
                                                                                                                                                                                                                                          • API String ID: 3371842430-684429688
                                                                                                                                                                                                                                          • Opcode ID: 6cb21bfeaffb9b239cd272a1894bc0af3c1a26a0febc66c129de5451c9c9c3f6
                                                                                                                                                                                                                                          • Instruction ID: b17d381cb9e93d364fac4e0d411723506641443b0916d0d720c53336adefe3af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6cb21bfeaffb9b239cd272a1894bc0af3c1a26a0febc66c129de5451c9c9c3f6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29116AB2B09B86D2DB52CF61E4445AD73A4F788790F510136DEAC83B14EF39D999CB10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                          • String ID: AddAccessDeniedAceEx$lllO:AddAccessDeniedAceEx
                                                                                                                                                                                                                                          • API String ID: 3371842430-4150984663
                                                                                                                                                                                                                                          • Opcode ID: ad09e65bb1cea0ac4f5e9af40242ab57fcedfcdf14550f24ac85561f6cdc466a
                                                                                                                                                                                                                                          • Instruction ID: cf458292f8e7ba1afe6da178be8ef67e7d9c0493099cd4203b6f935f5c624fe5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad09e65bb1cea0ac4f5e9af40242ab57fcedfcdf14550f24ac85561f6cdc466a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81011EB6A09741D2EA12CB64F4404AA77A4F789794F540222EF9C83B28DF3CD599CF00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                          • String ID: AddMandatoryAce$kkkO:AddMandatoryAce
                                                                                                                                                                                                                                          • API String ID: 3371842430-3675006617
                                                                                                                                                                                                                                          • Opcode ID: 076364db2900c2bb665b33999295fa93c37af88c4ee1d99e6863dbe7ae2cd730
                                                                                                                                                                                                                                          • Instruction ID: 7753818cf298a677b85c1fdbeea64e6683b63d57933c0592ced2d8f18a982c9e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 076364db2900c2bb665b33999295fa93c37af88c4ee1d99e6863dbe7ae2cd730
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83011EB6A09741D2EB52CB65F4400AAB7A4F789794F540222EF9C43B28DF3CD599CF00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                          • String ID: :OVERLAPPED
                                                                                                                                                                                                                                          • API String ID: 709158290-1552635527
                                                                                                                                                                                                                                          • Opcode ID: e0bdebcfea0511a29331e8c1aae85b93b7c30f15489b0f9b8cc0108d539767b8
                                                                                                                                                                                                                                          • Instruction ID: d4abb5c917be23f01e2c0a5e62169b471de00e8917669233a2267309e9133eec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0bdebcfea0511a29331e8c1aae85b93b7c30f15489b0f9b8cc0108d539767b8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 44019E72A15B81C2D7558F31E88016D73E8FB99B84F956236DA8C43764EF3CD9A5C700
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                          • String ID: AddAccessAllowedAceEx$lllO:AddAccessAllowedAceEx
                                                                                                                                                                                                                                          • API String ID: 3371842430-1263352432
                                                                                                                                                                                                                                          • Opcode ID: 373ec3d6942346a08b4875f32b347a83816f03fbf51c164e75df230f572021d0
                                                                                                                                                                                                                                          • Instruction ID: 38323c98610afb8abf1e3312b51b1a7c706152d9c0718ae28ec1af1cf2db5cfa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 373ec3d6942346a08b4875f32b347a83816f03fbf51c164e75df230f572021d0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24011EB6A09741D2DB12CB65F4400AA77A4F789794F540222EF8C83B28DF3CD599CF00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EAAE0: PyErr_SetString.PYTHON312 ref: 00007FFBAA1EAB1F
                                                                                                                                                                                                                                          • PyErr_Clear.PYTHON312 ref: 00007FFBAA1ECC5C
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB65
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB73
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB81
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB90
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB9B
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBA4
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBB3
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBC7
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBE6
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312 ref: 00007FFBAA1ECC92
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Resource id/name must be string or int in the range 0-65536, xrefs: 00007FFBAA1ECC81
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Long$Occurred$ClearLong_String$DeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                          • String ID: Resource id/name must be string or int in the range 0-65536
                                                                                                                                                                                                                                          • API String ID: 286819204-907244015
                                                                                                                                                                                                                                          • Opcode ID: 8b5b059616f32ab4af3ef54f4cc1be5fdf2f8475748c73add3075f97ecde13f8
                                                                                                                                                                                                                                          • Instruction ID: 344bf4e1993cec841d85273ef76ed7365f3a0a9e7c55d418df0fe3925ee465c5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b5b059616f32ab4af3ef54f4cc1be5fdf2f8475748c73add3075f97ecde13f8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83F0C8A1B19A42D0FB639B36FD4437912A4EF89BC4F449071DE0E83654EE2CD8864310
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EAED0: PyUnicode_AsWideCharString.PYTHON312 ref: 00007FFBAA1EAF0A
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1EAED0: PyErr_SetString.PYTHON312 ref: 00007FFBAA1EAF29
                                                                                                                                                                                                                                          • PyErr_Clear.PYTHON312 ref: 00007FFBAA1ECCFC
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyNumber_Long.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB65
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB73
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB81
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB90
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Clear.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECB9B
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyLong_AsUnsignedLongLong.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBA4
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Occurred.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBB3
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: _Py_Dealloc.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBC7
                                                                                                                                                                                                                                            • Part of subcall function 00007FFBAA1ECB50: PyErr_Format.PYTHON312(?,?,?,00007FFBAA1E4F6E), ref: 00007FFBAA1ECBE6
                                                                                                                                                                                                                                          • PyErr_SetString.PYTHON312 ref: 00007FFBAA1ECD32
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Resource id/name must be unicode or int in the range 0-65536, xrefs: 00007FFBAA1ECD21
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_$Long$OccurredString$ClearLong_$CharDeallocFormatNumber_Unicode_UnsignedWide
                                                                                                                                                                                                                                          • String ID: Resource id/name must be unicode or int in the range 0-65536
                                                                                                                                                                                                                                          • API String ID: 293670993-4091729669
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DeallocSequence_Tuple
                                                                                                                                                                                                                                          • String ID: Sequence can contain at most %d items
                                                                                                                                                                                                                                          • API String ID: 1991852567-3507602910
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Capsule_ImportReadyType_
                                                                                                                                                                                                                                          • String ID: datetime.datetime_CAPI
                                                                                                                                                                                                                                          • API String ID: 2581296196-711417590
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Long$Arg_FromLong_ParseTuple
                                                                                                                                                                                                                                          • String ID: :Detach
                                                                                                                                                                                                                                          • API String ID: 1152936543-4103459575
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                          • String ID: :WAVEFORMATEX
                                                                                                                                                                                                                                          • API String ID: 709158290-1364142124
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AttrObject_StringSubtypeType_
                                                                                                                                                                                                                                          • String ID: timetuple
                                                                                                                                                                                                                                          • API String ID: 1421930220-3328721318
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                          • String ID: @$|ii:ACL
                                                                                                                                                                                                                                          • API String ID: 3371842430-2672190651
                                                                                                                                                                                                                                          • Opcode ID: 37e0a04dbdd66d88dba87736e60bcd60b2cc716513f2cdfbd5e24e8b7461a77d
                                                                                                                                                                                                                                          • Instruction ID: db01afba2247a664fd814b23ee9cba2152b4565e98379bc0092172f0339fa1b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37e0a04dbdd66d88dba87736e60bcd60b2cc716513f2cdfbd5e24e8b7461a77d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14F082A5A096C2D2D612DBA1F80426DA7A8FBC1350F804075DE4D43B64EFBCD51ACF10
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseTupleValid
                                                                                                                                                                                                                                          • String ID: :IsValid
                                                                                                                                                                                                                                          • API String ID: 2541654197-2800628479
                                                                                                                                                                                                                                          • Opcode ID: a2c7ad6af1abea5f253b7a3b05eb2fc78f02dceca7f840b8d1cfe89c45c020dd
                                                                                                                                                                                                                                          • Instruction ID: 29166a6e2a93709b49d7064363e69d7f5e6a1ccb536e341231e40e8dc42cb19e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2c7ad6af1abea5f253b7a3b05eb2fc78f02dceca7f840b8d1cfe89c45c020dd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75E0E6D1F16946D1EB574772EC5007912A4AF59B91F041071CD1D86360FD6C9DDB8610
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_ParseSizeTuple_Valid
                                                                                                                                                                                                                                          • String ID: :IsValid
                                                                                                                                                                                                                                          • API String ID: 1733704823-2800628479
                                                                                                                                                                                                                                          • Opcode ID: d6672662ff62677f4ee0c9ae0f75957b8217232bd1142c6c8af475a3793489e6
                                                                                                                                                                                                                                          • Instruction ID: 6e336dfb34ac34f1770a703e934776c390bbe55c726d9a321d21a161aa44c744
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6672662ff62677f4ee0c9ae0f75957b8217232bd1142c6c8af475a3793489e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9E08690B1A546D1EB574772EC400791294EF49B90F041071CD1E86350FD2CDCDB8214
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                          • String ID: :IsValid
                                                                                                                                                                                                                                          • API String ID: 1292091245-2800628479
                                                                                                                                                                                                                                          • Opcode ID: 88f9e98b93e5a915f0c9d2f85e788e22b484281a7c608c4bbfbdfe024740cc3c
                                                                                                                                                                                                                                          • Instruction ID: a2b1239d11fd030f4bbcc1fb503ee92253d3feb4a0f5eb6b7beb7e6817ef3edd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88f9e98b93e5a915f0c9d2f85e788e22b484281a7c608c4bbfbdfe024740cc3c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06E0E6D1B16986D1EB974772EC5047912D4EF49B90B441071CD1D86360FD6CDDDB8710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_LengthParseSizeTuple_
                                                                                                                                                                                                                                          • String ID: :GetLength
                                                                                                                                                                                                                                          • API String ID: 986722786-295138441
                                                                                                                                                                                                                                          • Opcode ID: 9f40dc58e3b00cbbe786f80ce784a4c9e75ad5122b7287aeffa16e6cf2c79c5c
                                                                                                                                                                                                                                          • Instruction ID: 587c32dba4820103f981b6fea0f8787fa14adfb2c03b754fe711cc2387589656
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f40dc58e3b00cbbe786f80ce784a4c9e75ad5122b7287aeffa16e6cf2c79c5c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35E086D0B1A546D1EB5B4B72EC400791298EF49B90F440071CD5E86360FD2CACDA8210
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_DescriptorLengthParseSecurityTuple
                                                                                                                                                                                                                                          • String ID: :GetLength
                                                                                                                                                                                                                                          • API String ID: 840013968-295138441
                                                                                                                                                                                                                                          • Opcode ID: 99bbef9938abcbd77cc71ab482e6a24a020aa0d5f9e310f661fdaecfbdcf0375
                                                                                                                                                                                                                                          • Instruction ID: 0fc5ced2a8b94f9844b791f56f4e3887a3b9c8e8a4e467388809edc0c6868759
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99bbef9938abcbd77cc71ab482e6a24a020aa0d5f9e310f661fdaecfbdcf0375
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CE0E6D1B16986D1EB9B4772EC514791294EF49B90B041171CD1D86360FD6CADDA8710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Arg_AuthorityCountParseSizeTuple_
                                                                                                                                                                                                                                          • String ID: :GetSubAuthorityCount
                                                                                                                                                                                                                                          • API String ID: 3376985458-2020981275
                                                                                                                                                                                                                                          • Opcode ID: f0c015188994c3a9580b6de2581154fc77b4ac0713eae07f29022d0ca35b690d
                                                                                                                                                                                                                                          • Instruction ID: fcb60423bbe104e46332e911bc57578d60e28a0438f8123c33e83513fd71fa38
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0c015188994c3a9580b6de2581154fc77b4ac0713eae07f29022d0ca35b690d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0DE086D1B0E586E1EB9B8772EC500792298DF49B91F4400B2CD9D46350FD2CEDDA8710
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.2722042104.00007FFBAA1E1000.00000020.00000001.01000000.0000001E.sdmp, Offset: 00007FFBAA1E0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2721979429.00007FFBAA1E0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722062834.00007FFBAA1F0000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722082058.00007FFBAA1FE000.00000004.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.2722101868.00007FFBAA201000.00000002.00000001.01000000.0000001E.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_7ffbaa1e0000_L5OMdZqWzq.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Err_String
                                                                                                                                                                                                                                          • String ID: POINT must be a tuple of 2 ints (x,y)$ll;POINT must be a tuple of 2 ints (x,y)
                                                                                                                                                                                                                                          • API String ID: 1450464846-334919720
                                                                                                                                                                                                                                          • Opcode ID: 0d35483ddf44bfd197dc49b1b6211cb938ad411bb0e78d11a6d325ab75245ce1
                                                                                                                                                                                                                                          • Instruction ID: 603a17e181280fadcb3e4e5068226a84d48bf0766f2a0aec4b0f4f2e19150ace
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d35483ddf44bfd197dc49b1b6211cb938ad411bb0e78d11a6d325ab75245ce1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74E0EDE5B06A86E0E6478B25EC801A923A4FB46B48F85D1B3C94D46220DE2CD99FC710